Move to experimental

2026-04-28 02:05:14 +02:00 · 2020-04-03 00:27:51 +02:00
parent cffe89f652
commit f05b2af69d
6 changed files with 4 additions and 1 deletions
--- a/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.java
+++ b/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.java
--- a/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.qhelp
+++ b/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.qhelp
@@ -32,5 +32,8 @@ the actuator endpoints.</p>
 Spring Boot documentation:
 <a href="https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-features.html">Actuators</a>.
 </li>
+<li>
+<a href="https://www.veracode.com/blog/research/exploiting-spring-boot-actuators">Exploiting Spring Boot Actuators</a>
+</li>
 </references>
 </qhelp>
--- a/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.ql
--- a/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.qll
--- a/java/ql/test/experimental/query-tests/security/CWE-016/SpringBootActuators.java
+++ b/java/ql/test/experimental/query-tests/security/CWE-016/SpringBootActuators.java
@@ -1,7 +1,7 @@
 import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;

-public class ActuatorSecurityConfig {
+public class SpringBootActuators {
  protected void configure(HttpSecurity http) throws Exception {
    http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests(requests -> requests.anyRequest().permitAll());
  }
--- a/java/ql/test/experimental/query-tests/security/CWE-016/SpringBootActuators.qlref
+++ b/java/ql/test/experimental/query-tests/security/CWE-016/SpringBootActuators.qlref