Skip to content

Java: Add change note for LDAP injection query. #2738

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
felicitymay merged 2 commits into from
Feb 5, 2020
Merged

Java: Add change note for LDAP injection query. #2738

felicitymay merged 2 commits into from
Feb 5, 2020

Conversation

@aschackmull
Copy link
Contributor

@aschackmull aschackmull commented Jan 31, 2020

Add a change note for the query added in #2651.

felicitymay
felicitymay reviewed Feb 4, 2020
View reviewed changes
change-notes/1.24/analysis-java.md Outdated
|-----------------------------|-----------|--------------------------------------------------------------------|
| Disabled Spring CSRF protection (`java/spring-disabled-csrf-protection`) | security, external/cwe/cwe-352 | Finds disabled Cross-Site Request Forgery (CSRF) protection in Spring. |
| Failure to use HTTPS or SFTP URL in Maven artifact upload/download (`java/maven/non-https-url`) | security, external/cwe/cwe-300, external/cwe/cwe-319, external/cwe/cwe-494, external/cwe/cwe-829 | Finds use of insecure protocols during Maven dependency resolution. Results are shown on LGTM by default. |
| LDAP query built from user-controlled sources (`java/ldap-injection`) | security, external/cwe/cwe-090 | Finds LDAP queries vulnerable to injection of unsanitized user-controlled input. |
Copy link
Contributor

@felicitymay felicitymay Feb 4, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will this be run on LGTM? If so, will the results be shown or hidden, by default?

Copy link
Contributor Author

@aschackmull aschackmull Feb 4, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Run and shown. I've elaborated the change notes for the new queries to say this.

felicitymay
felicitymay approved these changes Feb 4, 2020
View reviewed changes
Copy link
Contributor

@felicitymay felicitymay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Many thanks for the change note and the update.

@felicitymay
Copy link
Contributor

felicitymay commented Feb 4, 2020

Does anyone else need to review this, or can I just merge it?

@aschackmull
Copy link
Contributor Author

aschackmull commented Feb 5, 2020

Feel free to merge.

@felicitymay felicitymay merged commit d0e7bfc into github:master Feb 5, 2020
@aschackmull aschackmull deleted the java/ldapinjection-changenote branch February 5, 2020 13:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@felicitymay felicitymay felicitymay approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Java

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aschackmull @felicitymay