QL docs: Update links to blog/demos

Shati Patel
2019-11-19 15:06:26 +00:00
parent c73ae5399d
commit 49c2398bda
5 changed files with 8 additions and 9 deletions

@@ -58,7 +58,7 @@ RCE in Apache Struts
- Disclosed as `CVE-2017-9805 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9805>`__
- Blog post: https://blog.semmle.com/apache-struts-vulnerability-cve-2017-9805/
- Blog post: https://securitylab.github.com/research/apache-struts-vulnerability-cve-2017-9805
Finding the RCE yourself
========================
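Review bot: The CVE reference at the top of this hunk still uses plain `http://cve.mitre.org/...`, while the blog link changed directly below it is https. Since this link list is being edited anyway, switch the MITRE link to https so every reference in the section is fetched over TLS.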
@@ -134,4 +134,4 @@ Model answer, step 4
and sink.getNode() instanceof UnsafeDeserializationSink
select sink.getNode().(UnsafeDeserializationSink).getMethodAccess(), source, sink, "Unsafe deserialization of $@.", source, "user input"
More full-featured version: https://github.com/Semmle/demos/tree/master/ql_demos/java/Apache_Struts_CVE-2017-9805
More full-featured version: https://github.com/github/security-lab/tree/master/CodeQL_Queries/java/Apache_Struts_CVE-2017-9805
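Review bot: The replacement "More full-featured version" link points at `tree/master` in github/security-lab, so it tracks a moving branch and will break again if `CodeQL_Queries/java/Apache_Struts_CVE-2017-9805` is renamed or moved, which is the same kind of breakage this commit repairs. Consider a commit-pinned permalink here so the model answer keeps pointing at the query version the slides were written against.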

@@ -53,8 +53,8 @@ Code injection in Apache struts
.. note::
More details on the CVE can be found here: https://blog.semmle.com/apache-struts-CVE-2018-11776/ and
https://github.com/Semmle/demos/tree/master/ql_demos/java/Apache_Struts_CVE-2018-11776
More details on the CVE can be found here: https://securitylab.github.com/research/apache-struts-CVE-2018-11776 and
https://github.com/github/security-lab/tree/master/CodeQL_Queries/java/Apache_Struts_CVE-2018-11776
More details on OGNL can be found here: https://commons.apache.org/proper/commons-ognl/
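Review bot: The new blog URL in the note keeps a mixed-case slug (`apache-struts-CVE-2018-11776`), whereas the other securitylab.github.com link in this commit is all lowercase (`apache-struts-vulnerability-cve-2017-9805`). URL paths can be case-sensitive, so confirm this exact casing resolves on the new host before merging; running a link checker over the docs as part of the build would catch this and future moves.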