Merge pull request #6136 from smowton/smowton/admin/spring-xss-content-type-sensitivity

Spring HTTP: improve content-type sensitivity
Anders Schack-Mulligen
2021-09-15 09:50:56 +02:00
committed by GitHub
5 changed files with 219 additions and 56 deletions

@@ -0,0 +1,2 @@
lgtm,codescanning
* The XSS query now accounts for more ways to set the content-type of an entity served via a Spring HTTP endpoint. This may flag more cases where an XSS-vulnerable content-type is set, and exclude more cases where a non-vulnerable content-type such as `application/json` is set.
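
Review bot: the second added line says the query accounts for "more ways to set the content-type" without naming any of them, so someone triaging alerts that appear or disappear after upgrading cannot tell which Spring constructs are now modelled. Suggest listing the newly recognised mechanisms in the note and referring to the query by its identifier rather than "The XSS query". It would also help to say which content types count as XSS-vulnerable, since the note only gives `application/json` as a non-vulnerable example.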