CVE
There is no CVE for this.
Report
This query adds Fastjson deserialization sinks.
JSON.parseObject(cmd);
JSON.parse(cmd);
It has been added to CWE-502. I found that RemoteFlowSource cannot be supported in the test: (1) SpringMVC directly submits parameters; (2) SpringMVC does routing access through Mapping annotations, and the original verification does not have this logic. I Some additions have been made here.
please check:
codeql\java\ql\src\semmle\code\java\frameworks\SpringMVC.qll
codeql\java\ql\src\semmle\code\java\dataflow\FlowSources.qll SpringMVC class
codeql\java\ql\src\semmle\code\java\security\UnsafeDeserialization.qll
codeql\java\ql\src\Security\CWE\CWE-502
Link to the PR:github/codeql#3665
CVE
There is no CVE for this.
Report
This query adds Fastjson deserialization sinks.
It has been added to CWE-502. I found that RemoteFlowSource cannot be supported in the test: (1) SpringMVC directly submits parameters; (2) SpringMVC does routing access through Mapping annotations, and the original verification does not have this logic. I Some additions have been made here.
please check:
codeql\java\ql\src\semmle\code\java\frameworks\SpringMVC.qll
codeql\java\ql\src\semmle\code\java\dataflow\FlowSources.qll SpringMVC class
codeql\java\ql\src\semmle\code\java\security\UnsafeDeserialization.qll
codeql\java\ql\src\Security\CWE\CWE-502
Link to the PR:github/codeql#3665