-
Notifications
You must be signed in to change notification settings - Fork 1.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #15921 from jcogs33/jcogs33/unsafe-url-forward-pro…
…motion-resource-and-file-methods Java: add models for some resource-related methods
- Loading branch information
Showing
55 changed files
with
2,468 additions
and
2,423 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
--- | ||
category: minorAnalysis | ||
--- | ||
* Added models for the following packages: | ||
|
||
* io.undertow.server.handlers.resource | ||
* jakarta.faces.context | ||
* javax.faces.context | ||
* javax.servlet | ||
* org.jboss.vfs | ||
* org.springframework.core.io |
14 changes: 14 additions & 0 deletions
14
java/ql/lib/ext/io.undertow.server.handlers.resource.model.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
extensions: | ||
- addsTo: | ||
pack: codeql/java-all | ||
extensible: sinkModel | ||
data: | ||
- ["io.undertow.server.handlers.resource", "PathResourceManager", True, "getResource", "(String)", "", "Argument[0]", "path-injection", "manual"] | ||
|
||
- addsTo: | ||
pack: codeql/java-all | ||
extensible: summaryModel | ||
data: | ||
- ["io.undertow.server.handlers.resource", "Resource", True, "getFile", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] | ||
- ["io.undertow.server.handlers.resource", "Resource", True, "getFilePath", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] | ||
- ["io.undertow.server.handlers.resource", "Resource", True, "getPath", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
extensions: | ||
- addsTo: | ||
pack: codeql/java-all | ||
extensible: sinkModel | ||
data: | ||
- ["org.jboss.vfs", "VirtualFile", True, "getChild", "", "", "Argument[0]", "path-injection", "manual"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
4,174 changes: 2,087 additions & 2,087 deletions
4,174
java/ql/test/experimental/query-tests/security/CWE-020/Log4jInjectionTest.expected
Large diffs are not rendered by default.
Oops, something went wrong.
14 changes: 7 additions & 7 deletions
14
java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.expected
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
22 changes: 11 additions & 11 deletions
22
.../test/experimental/query-tests/security/CWE-078/CommandInjectionRuntimeExecLocal.expected
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
4 changes: 2 additions & 2 deletions
4
java/ql/test/experimental/query-tests/security/CWE-078/ExecTainted.expected
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
6 changes: 3 additions & 3 deletions
6
java/ql/test/experimental/query-tests/security/CWE-094/BeanShellInjection.expected
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
6 changes: 3 additions & 3 deletions
6
java/ql/test/experimental/query-tests/security/CWE-094/JShellInjection.expected
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
4 changes: 2 additions & 2 deletions
4
java/ql/test/experimental/query-tests/security/CWE-094/JakartaExpressionInjection.expected
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
10 changes: 5 additions & 5 deletions
10
java/ql/test/experimental/query-tests/security/CWE-094/JythonInjection.expected
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.