hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 00:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added more org.apache.commons.io.FileUtils-related sinks to the path injection query.

Browse Source
This commit is contained in:
Mauro Baluda
2024-06-10 11:29:51 +02:00
parent 06aa2664bf
commit 71505f4003
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/lib/ext/org.apache.commons.io.model.yml
View File

@@ -30,3 +30,8 @@ extensions:
- ["org.apache.commons.io", "FileUtils", True, "copyToFile", "(InputStream,File)", "", "Argument[1]", "path-injection", "manual"]
- ["org.apache.commons.io", "FileUtils", True, "openInputStream", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["org.apache.commons.io", "IOUtils", False, "resourceToString", "(String,Charset)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["org.apache.commons.io", "FileUtils", True, "deleteDirectory", "(File)", "", "Argument[0]", "path-injection", "manual"]
- ["org.apache.commons.io", "FileUtils", True, "deleteQuietly", "(File)", "", "Argument[0]", "path-injection", "manual"]
- ["org.apache.commons.io", "FileUtils", True, "forceDelete", "(File)", "", "Argument[0]", "path-injection", "manual"]
- ["org.apache.commons.io", "FileUtils", True, "forceDeleteOnExit", "(File)", "", "Argument[0]", "path-injection", "manual"]
- ["org.apache.commons.io", "FileUtils", True, "forceMkdir", "(File)", "", "Argument[0]", "path-injection", "manual"]

4
java/ql/src/change-notes/2024-06-10-path-injection-fileutils-sinks.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added more `org.apache.commons.io.FileUtils`-related sinks to the path injection query.