hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: handle example in Spring docs

Browse Source
This commit is contained in:
Jami Cogswell
2025-02-23 23:28:10 -05:00
parent b2469ff8ba
commit 9e51b014d2
2 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
java/ql/lib/semmle/code/java/security/SpringBootActuatorsQuery.qll
View File

@@ -142,5 +142,14 @@ predicate permitsSpringBootActuators(PermitAllCall permitAllCall) {
registryRequestMatchersCall.getQualifier() = authorizeCall and
permitAllCall.getQualifier() = registryRequestMatchersCall
)
or
exists(Variable v, MatcherCall matcherCall |
// http.securityMatcher(EndpointRequest.toAnyEndpoint());
// http.authorizeRequests([...].permitAll())
v.getAnAccess() = authorizeCall.getQualifier() and
v.getAnAccess() = matcherCall.getQualifier() and
authorizeCall.getArgument(0).(LambdaExpr).getExprBody() = permitAllCall and
permitAllCall.getQualifier() instanceof AnyRequestCall
)
)
}