The query adds support for detecting implicit Spring View Manipulation Vulnerabilities.
This detects code similar to:

```java
@GetMapping("/doc/{document}")
public void getDocument(@PathVariable String document) {
    // void return type: Spring derives the view name from the request path
    log.info("Retrieving " + document);
}
```
Please note that while the PR for both #201 and this one is the same (github/codeql#4214), the PR includes two separate queries with two unique and mutually independent result sets. Hence, it makes sense to file two separate bounty applications for each.
The security impact of this vulnerability should be critical, as the presence of this flaw leads to remote code execution.
This one has been run on LGTM multiple times. Each iteration came with fewer FPs. The results of the latest run have been shared with @pwntester. The query found 29 results across 11 projects. All of them appear to be true positives.
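For reference, the handler shape above next to three handlers for which Spring MVC does not derive a view name from the request path. This is an added example, not code from the PR or the query's test suite; the class name, routes, view name `document` and the `javax.servlet` namespace (Spring 5) are assumptions.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class DocumentController { // hypothetical class name
    private static final Logger log = LoggerFactory.getLogger(DocumentController.class);

    // Implicit case: void return and nothing marks the response as handled,
    // so the view name is taken from the request path, which the client controls.
    @GetMapping("/doc/{document}")
    public void getDocument(@PathVariable String document) {
        log.info("Retrieving {}", document);
    }

    // @ResponseBody: the return value is written to the response body,
    // so no view resolution takes place.
    @GetMapping("/doc-body/{document}")
    @ResponseBody
    public String getDocumentBody(@PathVariable String document) {
        log.info("Retrieving {}", document);
        return "ok";
    }

    // HttpServletResponse argument: Spring treats a void handler that takes
    // the response object as having handled the response itself.
    @GetMapping("/doc-raw/{document}")
    public void getDocumentRaw(@PathVariable String document,
                               HttpServletResponse response) throws IOException {
        log.info("Retrieving {}", document);
        response.setContentType("text/plain");
        response.getWriter().write("ok");
    }

    // Constant view name: request data reaches the template only as a model attribute.
    @GetMapping("/doc-view/{document}")
    public String getDocumentView(@PathVariable String document, Model model) {
        model.addAttribute("name", document);
        return "document"; // hypothetical template name
    }
}
```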