Refactor the business logic of the query into a separate predicate

This commit is contained in:
luchua-bc
2021-03-12 12:19:37 +00:00
parent c8b1bc3a89
commit 1a2e341b7c


@@ -60,8 +60,11 @@ class ManagementEndPointInclude extends ApplicationProperties {
string getValue() { result = this.getValueElement().getValue().trim() }
}
from SpringBootPom pom, ApplicationProperties ap, Dependency d
where
/**
* Holds if `ApplicationProperties` ap of a repository managed by `SpringBootPom` pom
* has a vulnerable configuration of Spring Boot Actuator management endpoints.
*/
predicate hasConfidentialEndPointExposed(SpringBootPom pom, ApplicationProperties ap) {
pom.isSpringBootActuatorUsed() and
not pom.isSpringBootSecurityUsed() and
ap.getFile()
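Review bot: The new QLDoc on `hasConfidentialEndPointExposed` says only that `ap` "has a vulnerable configuration", which does not tell a reader what the predicate actually requires; the two conditions visible in the body (`pom.isSpringBootActuatorUsed()` and `not pom.isSpringBootSecurityUsed()`) and the endpoint check referenced in the later hunk should be stated. I would reword the doc to `* Holds if the Spring Boot application properties file `ap` that belongs to the project of `pom` exposes a sensitive Actuator management endpoint while Spring Boot Actuator is used and Spring Security is not.` The predicate body continues past this hunk, so the remaining conditions (starting at `ap.getFile()`) are not visible here.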
@@ -90,7 +93,12 @@ where
]) // confidential endpoints to check although all endpoints apart from '/health' and '/info' are considered sensitive by Spring
)
)
) and
)
}
from SpringBootPom pom, ApplicationProperties ap, Dependency d
where
hasConfidentialEndPointExposed(pom, ap) and
d = pom.getADependency() and
d.getArtifact().getValue() = "spring-boot-starter-actuator"
select d, "Insecure configuration of Spring Boot Actuator exposes sensitive endpoints."
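Review bot: The `where` clause re-derives the actuator dependency (`d = pom.getADependency() and d.getArtifact().getValue() = "spring-boot-starter-actuator"`) even though `hasConfidentialEndPointExposed(pom, ap)` already requires `pom.isSpringBootActuatorUsed()`, which presumably checks for that same artifact; without a comment this looks like a duplicated condition rather than a deliberate binding for the alert location. I would add above the `d = ...` line: `// bind the actuator dependency so the alert is reported on its declaration in pom.xml`. If `isSpringBootActuatorUsed()` matches on the same artifact id, consider exposing that dependency through a shared predicate so the string literal `"spring-boot-starter-actuator"` is defined once rather than in two places.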