Merge pull request #10352 from atorralba/atorralba/promote-template-injection

Java: Promote Server-side template injection from experimental
2026-03-30 12:18:18 +02:00 · 2022-09-20 16:11:58 +02:00
parent 4614074d01 4af29e6abf
commit cbb64cc8c1
615 changed files with 16792 additions and 711 deletions
--- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
@@ -117,6 +117,7 @@ private module Frameworks {
  private import semmle.code.java.frameworks.Retrofit
  private import semmle.code.java.frameworks.Stream
  private import semmle.code.java.frameworks.Strings
+  private import semmle.code.java.frameworks.Thymeleaf
  private import semmle.code.java.frameworks.ratpack.Ratpack
  private import semmle.code.java.frameworks.ratpack.RatpackExec
  private import semmle.code.java.frameworks.spring.SpringCache
@@ -141,6 +142,7 @@ private module Frameworks {
  private import semmle.code.java.security.LdapInjection
  private import semmle.code.java.security.MvelInjection
  private import semmle.code.java.security.OgnlInjection
+  private import semmle.code.java.security.TemplateInjection
  private import semmle.code.java.security.XPath
  private import semmle.code.java.security.XsltInjection
  private import semmle.code.java.frameworks.Jdbc
@@ -625,7 +627,7 @@ module CsvValidation {
          "open-url", "jndi-injection", "ldap", "sql", "jdbc-url", "logging", "mvel", "xpath",
          "groovy", "xss", "ognl-injection", "intent-start", "pending-intent-sent",
          "url-open-stream", "url-redirect", "create-file", "write-file", "set-hostname-verifier",
-          "header-splitting", "information-leak", "xslt", "jexl", "bean-validation"
+          "header-splitting", "information-leak", "xslt", "jexl", "bean-validation", "ssti"
        ] and
      not kind.matches("regex-use%") and
      not kind.matches("qltest%") and