Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add taint sinks for XPath injection #108

Closed
formanek opened this issue Oct 11, 2015 · 2 comments
Closed

Add taint sinks for XPath injection #108

formanek opened this issue Oct 11, 2015 · 2 comments
Labels
enhancement New feature or improvement to existing detector.
Milestone
version-1.4.4

Comments

@formanek
Copy link
Contributor

Not all methods from org.apache.xpath.XPathAPI are included and there are more APIs to add.
@formanek
Copy link
Contributor Author

There is also a bug in XPathInjectionJavaxDetector - bad argument in method evaluate is checked (0 instead of 1). Plus the other 3 methods with different signatures are not checked at all.

@formanek formanek mentioned this issue Oct 18, 2015
Merged
@h3xstream h3xstream added the enhancement New feature or improvement to existing detector. label Nov 11, 2015
@h3xstream
Copy link
Member

Consider fixed : formanek@5eb6686#diff-e7af01b3ebefa5f1b6ed5b5c44483905R1

@h3xstream h3xstream added this to the version-1.4.4 milestone Nov 27, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or improvement to existing detector.
Projects
None yet
Milestone
version-1.4.4
Development

No branches or pull requests
2 participants
@h3xstream @formanek