hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-05 17:51:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7702 from atorralba/atorralba/fix-jndi-injection-sinks

Browse Source 
Java: Remove some JNDI Injection sinks
This commit is contained in:
Anders Schack-Mulligen
2022-01-24 10:53:58 +01:00
committed by GitHub
parent 9bd2ac96ea 908b7c43f2
commit 7af6dc7164
33 changed files with 704 additions and 175 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
java/ql/lib/semmle/code/java/security/JndiInjection.qll
View File

@@ -88,7 +88,12 @@ private class DefaultJndiInjectionSinkModel extends SinkModelCsv {
// Spring
"org.springframework.jndi;JndiTemplate;false;lookup;;;Argument[0];jndi-injection",
// spring-ldap 1.2.x and newer
"org.springframework.ldap.core;LdapOperations;true;lookup;;;Argument[0];jndi-injection",
"org.springframework.ldap.core;LdapOperations;true;lookup;(Name);;Argument[0];jndi-injection",
"org.springframework.ldap.core;LdapOperations;true;lookup;(Name,ContextMapper);;Argument[0];jndi-injection",
"org.springframework.ldap.core;LdapOperations;true;lookup;(Name,String[],ContextMapper);;Argument[0];jndi-injection",
"org.springframework.ldap.core;LdapOperations;true;lookup;(String);;Argument[0];jndi-injection",
"org.springframework.ldap.core;LdapOperations;true;lookup;(String,ContextMapper);;Argument[0];jndi-injection",
"org.springframework.ldap.core;LdapOperations;true;lookup;(String,String[],ContextMapper);;Argument[0];jndi-injection",
"org.springframework.ldap.core;LdapOperations;true;lookupContext;;;Argument[0];jndi-injection",
"org.springframework.ldap.core;LdapOperations;true;findByDn;;;Argument[0];jndi-injection",
"org.springframework.ldap.core;LdapOperations;true;rename;;;Argument[0];jndi-injection",