Migrate Java code to separate QL repo.

2026-04-24 00:05:14 +02:00 · 2018-08-30 10:48:05 +01:00
parent d957c151a6
commit 846c9d5860
2319 changed files with 134386 additions and 0 deletions
--- a/java/ql/src/Frameworks/JavaEE/EJB/EjbSecurityConfiguration.qhelp
+++ b/java/ql/src/Frameworks/JavaEE/EJB/EjbSecurityConfiguration.qhelp
@@ -0,0 +1,35 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+
+
+<overview>
+<p>
+The Enterprise JavaBeans 3.0 core specification, Section 21.1.2, states:
+</p>
+
+<blockquote>
+<p>
+The enterprise bean must not attempt to access or modify the security configuration objects
+(Policy, Security, Provider, Signer, and Identity).
+</p>
+<p>
+These functions are reserved for the EJB container. Allowing the enterprise bean to use these functions
+could compromise security.
+</p>
+</blockquote>
+
+</overview>
+<references>
+
+
+<li>
+  <a href="http://jcp.org/aboutJava/communityprocess/final/jsr220/index.html">
+  JSR-220 Enterprise JavaBeans 3.0 Final Release</a> (ejbcore),
+  Section 21.1.2 Programming Restrictions
+</li>
+
+
+</references>
+</qhelp>