Java: support version 3.x

This commit is contained in:
Jami Cogswell
2025-07-17 11:21:17 -04:00
parent afa6610cb9
commit ea35fbbe3b
23 changed files with 109 additions and 29 deletions


@@ -110,7 +110,7 @@ predicate hasConfidentialEndPointExposed(SpringBootPom pom, ApplicationPropertie
me.hasSecurityDisabled() and me.getFile() = apFile and me = apOption.asSome()
)
or
springBootVersion.matches("2.%") and //version 2.x
springBootVersion.matches(["2.%", "3.%"]) and //version 2.x and 3.x
exists(ManagementEndPointInclude mi |
mi.getFile() = apFile and
mi = apOption.asSome() and
@@ -121,7 +121,7 @@ predicate hasConfidentialEndPointExposed(SpringBootPom pom, ApplicationPropertie
.matches([
"%dump%", "%trace%", "%logfile%", "%shutdown%", "%startup%", "%mappings%",
"%env%", "%beans%", "%sessions%"
]) // confidential endpoints to check although all endpoints apart from '/health' and '/info' are considered sensitive by Spring
]) // confidential endpoints to check although all endpoints apart from '/health' are considered sensitive by Spring
)
)
)
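Review bot: The confidential-endpoint list in the second hunk has no pattern that matches `httpexchanges`, the name Spring Boot 3.0 gave to the former `httptrace` endpoint, so with 3.x now routed through this branch an `include` of `httpexchanges` is not flagged by the `"%trace%"` entry. Adding `"%httpexchanges%"` to the `.matches([...])` list would close that gap. Separately, `springBootVersion.matches(["2.%", "3.%"])` is an allow-list of major versions, so any later major falls through silently until the list is edited; a short comment on that line saying so would help the next maintainer. The predicate starts before the first hunk and the lines between the two hunks are not shown, so a check there may already cover part of this.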