Skip to content
#

code-analysis

Here are 266 public repositories matching this topic...

find-sec-bugs
h3xstream
h3xstream commented Oct 5, 2020

Description

BeanUtils is a library that is doing automatic mapping to Java object.
It can cause arm when the attack controls part of the list of properties being sets. BeanUtils does not blacklist properties like class, classloader or other objects that are likely to load arbitrary classes and possibly run code.

Code

import org.apache.commons.beanutils.BeanUtils;

public
uyar
uyar commented May 24, 2019

Environment data

VS Code version: 1.34.0
Extension version (available under the Extensions sidebar): 2019.4.12954
OS and version: Ubuntu 19.04
Python version (& distribution if applicable, e.g. Anaconda): 3.6
Type of virtual environment used: virtualenv

Problem

The type hints in the stub file for the current module aren't used for autocompletion.

I have a foo.pyi file as

Improve this page

Add a description, image, and links to the code-analysis topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the code-analysis topic, visit your repo's landing page and select "manage topics."

Learn more