hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-06 06:05:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: update xslt sink kind to xslt-injection

Browse Source
This commit is contained in:
Jami Cogswell
2023-05-09 12:06:36 -04:00
parent cea97b3f2a
commit 6d2d25406c
4 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
View File

@@ -277,9 +277,9 @@ module ModelValidation {
"open-url", "jndi-injection", "ldap", "sql-injection", "jdbc-url", "log-injection",
"mvel-injection", "xpath-injection", "groovy-injection", "xss", "ognl-injection",
"intent-start", "pending-intent-sent", "url-redirection", "create-file", "read-file",
"write-file", "set-hostname-verifier", "header-splitting", "information-leak", "xslt",
"jexl-injection", "bean-validation", "template-injection", "fragment-injection",
"command-injection"
"write-file", "set-hostname-verifier", "header-splitting", "information-leak",
"xslt-injection", "jexl-injection", "bean-validation", "template-injection",
"fragment-injection", "command-injection"
] and
not kind.matches("regex-use%") and
not kind.matches("qltest%") and