
Java: Add a query to detect Spring View Manipulation Vulnerability (Implicit) #263

@ghost

Description

The query adds support for detecting implicit Spring View Manipulation Vulnerabilities.

This detects code similar to:

```java
// Vulnerable pattern: a void handler with no @ResponseBody makes Spring MVC resolve a view,
// and the view name is derived from the request URI, which includes the user-controlled {document}.
@GetMapping("/doc/{document}")
public void getDocument(@PathVariable String document) {
    log.info("Retrieving " + document);
}
```

Please note that while the PR for both #201 and this one is the same (github/codeql#4214), the PR includes two separate queries with two unique and mutually independent result sets. Hence, it makes sense to file two separate bounty applications, one for each.

The security impact of this vulnerability should be critical, as the presence of this flaw leads to remote code execution.

This one has been run on LGTM multiple times. Each iteration came with fewer FPs. The results of the latest run have been shared with @pwntester. The query found 29 results across 11 projects. All of them appear to be true positives.
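As an added illustration that is not part of this issue or of the github/codeql PR: the vulnerable void handler from the description placed next to two hardened forms of the same endpoint. It assumes a Spring MVC controller with SLF4J logging and a Thymeleaf template named `document` (all names are hypothetical).

```java
package example.hypothetical; // hypothetical package, not from the issue

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class DocumentController {

    private static final Logger log = LoggerFactory.getLogger(DocumentController.class);

    // VULNERABLE (the pattern the query flags): void return type and no @ResponseBody,
    // so Spring MVC performs view resolution and derives the view name from the request
    // URI. That URI contains the attacker-controlled {document} segment, and a template
    // engine such as Thymeleaf evaluates expressions embedded in the view name.
    @GetMapping("/doc/{document}")
    public void getDocument(@PathVariable String document) {
        log.info("Retrieving " + document);
    }

    // HARDENED (1): return a constant view name so the request path is never used as
    // the view. The untrusted value only travels as model data, which the template
    // renders as escaped text rather than evaluating it as part of the view name.
    @GetMapping("/doc-view/{document}")
    public String getDocumentView(@PathVariable String document, Model model) {
        log.info("Retrieving " + document);
        model.addAttribute("document", document);
        return "document"; // fixed name, resolved to templates/document.html
    }

    // HARDENED (2): declare the handler as a response body. No view resolution takes
    // place at all, so there is no view name for the request path to influence.
    @GetMapping("/doc-raw/{document}")
    @ResponseBody
    public String getDocumentRaw(@PathVariable String document) {
        log.info("Retrieving " + document);
        return "Document requested: " + document;
    }
}
```

A quick self-check for a code base: any handler in a `@Controller` that returns `void` (or `Model`/`Map` without a view name) and lacks `@ResponseBody` or `ResponseEntity` deserves review, since the view name then comes from the URL.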

Labels: All For One (Submissions to the All for One, One for All bounty)