hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #20067 from owen-mc/java/unsafe-deserialization-mad-sinks

Browse Source 
Java: allow the definition of `java/unsafe-deserialization` sinks using data extensions
This commit is contained in:
Owen Mansel-Chan
2025-07-17 13:42:31 +01:00
committed by GitHub
parent a807db52ad 6629bd8279
commit af977e9ac7
23 changed files with 358 additions and 255 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
shared/mad/codeql/mad/ModelValidation.qll
View File

@@ -29,8 +29,9 @@ module KindValidation<KindValidationConfigSig Config> {
[
// shared
"code-injection", "command-injection", "environment-injection", "file-content-store",
"html-injection", "js-injection", "ldap-injection", "log-injection", "path-injection",
"request-forgery", "sql-injection", "url-redirection", "xpath-injection",
"html-injection", "js-injection", "ldap-injection", "log-injection", "nosql-injection",
"path-injection", "request-forgery", "sql-injection", "url-redirection",
"xpath-injection", "unsafe-deserialization",
// Java-only currently, but may be shared in the future
"bean-validation", "fragment-injection", "groovy-injection", "hostname-verification",
"information-leak", "intent-redirection", "jexl-injection", "jndi-injection",
@@ -38,7 +39,7 @@ module KindValidation<KindValidationConfigSig Config> {
"response-splitting", "trust-boundary-violation", "template-injection", "url-forward",
"xslt-injection",
// JavaScript-only currently, but may be shared in the future
"mongodb.sink", "nosql-injection", "unsafe-deserialization",
"mongodb.sink",
// Swift-only currently, but may be shared in the future
"database-store", "format-string", "hash-iteration-count", "predicate-injection",
"preferences-store", "tls-protocol-version", "transmission", "webview-fetch", "xxe",