Merge branch 'main' into dbartol/v1

This commit is contained in:
Dave Bartolomeo
2024-05-23 14:37:28 -04:00
committed by GitHub
43 changed files with 316 additions and 224 deletions

@@ -16,5 +16,5 @@ import TrustBoundaryFlow::PathGraph
from TrustBoundaryFlow::PathNode source, TrustBoundaryFlow::PathNode sink
where TrustBoundaryFlow::flowPath(source, sink)
select sink.getNode(), sink, source,
"This servlet reads data from a remote source and writes it to a session variable."
select sink.getNode(), source, sink,
"This servlet reads data from a $@ and writes it to a session variable.", source, "remote source"
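Review bot: the path-node columns are reordered here, from `sink, source` in the removed select to `source, sink` in the added one, which is more than a message change; the second and third columns of a path-problem select are read as the path's source and sink, so the old order had the endpoints reversed and the fix is worth calling out explicitly. The `$@` placeholder is matched by exactly one trailing pair, `source, "remote source"`, so the message and the column count agree.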

@@ -28,10 +28,9 @@ This improves security but the code will still be at risk of denial of service a
Protection against denial of service attacks may also be implemented by setting entity expansion limits, which is done
by default in recent JDK and JRE implementations.
Because there are many different ways to disable external entity retrieval with varying support between different providers,
in this query we choose to specifically check for the <a href="https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#java">OWASP recommended way</a>
to disable external entity retrieval for a particular parser. There may be other ways of making a particular parser safe
which deviate from these guidelines, in which case this query will continue to flag the parser as potentially dangerous.
We recommend visiting OWASP's <a href="https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#java">XML Entity Prevention Cheat Sheet</a>,
finding the specific XML parser, and applying the mitigation listed there. Other mitigations might be sufficient in some cases, but manual verification will be needed,
as the query will continue to flag the parser as potentially dangerous.
</p>
</recommendation>
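Review bot: the link text "XML Entity Prevention Cheat Sheet" does not match the page it points to; the URL is `XML_External_Entity_Prevention_Cheat_Sheet`, so the anchor text should read "XML External Entity Prevention Cheat Sheet" (the removed text had the full name as "OWASP recommended way" was linked to the same URL). The rest of the rewrite reads well and keeps the important caveat that a parser secured by a method other than the one the query recognises will still be flagged and needs manual verification.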

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The alert message for the query "Trust boundary violation" (`java/trust-boundary-violation`) has been updated to include a link to the remote source.
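Review bot: the change note only mentions the new link in the alert message, but the same query edit also corrected the order of the path-node result columns; a short clause such as "and the path source and sink columns are now in the expected order" would tell users why path results may look different after upgrading.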

@@ -77,7 +77,7 @@ class Endpoint extends Callable {
predicate isNeutral() {
exists(string namespace, string type, string name, string signature |
neutralModel(namespace, type, name, signature, _, _) and
this = interpretElement(namespace, type, false, name, signature, "")
this = interpretElement(namespace, type, false, name, signature, "", _)
)
}
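Review bot: the new trailing argument to `interpretElement` is passed as a wildcard `_` in `isNeutral`, so whatever that parameter selects is left unconstrained for neutral models. If the added parameter narrows which elements a row matches (as the other positional arguments such as `false` and `""` do), a wildcard can make `isNeutral()` hold for more callables than intended; either bind it to the value that corresponds to a neutral-model row, or add a comment stating that all values are deliberately accepted here.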