Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[querydb] Add scan rule for SpEL injection detection #5108

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

[querydb] Add scan rule for SpEL injection detection #5108

wants to merge 2 commits into from

Conversation

piggyctf
Copy link

Added a new scan rule in querydb to detect potential SpEL injection vulnerabilities. This rule was tested with compiled source code and successfully identified instances of SpEL injection. It enhances the security by flagging risky expressions in queries that could lead to injection attacks.

@piggyctf
[querydb] Add scan rule for SpEL injection detection
ee62e51 
Added a new scan rule in querydb to detect potential SpEL injection vulnerabilities. This rule was tested with compiled source code and successfully identified instances of SpEL injection. It enhances the security by flagging risky expressions in queries that could lead to injection attacks.
@piggyctf
Copy link
Author

Hi Team, it seems like one of the test fails is for "io.joern.rubysrc2cpg.io.RubySrc2CpgHTTPServerTests". This is not part of my PR nor code changes I've ever made. Could someone please elaborate a little bit how should I get this test passed?

@itsacoderepo
Copy link
Contributor

I'll have a look, thanks for the PR.

@DavidBakerEffendi
Copy link
Collaborator

@piggyctf You need to run sbt scalafmt Test/scalafmt to get the formatting to pass

@piggyctf
[querydb] Add scan rule for SpEL injection detection
b1368a0 
Added a new scan rule in querydb to detect potential SpEL injection vulnerabilities. This rule was tested with compiled source code and successfully identified instances of SpEL injection. It enhances the security by flagging risky expressions in queries that could lead to injection attacks.
@piggyctf
Copy link
Author

piggyctf commented Nov 23, 2024
edited
Loading

I have run sbt scalafmt Test/scalafmt locally and committed again. It seems just a line break was added but should be good to go

@piggyctf
Copy link
Author

Hi Team, the formatting issue now is gone, but the test for "io.joern.rubysrc2cpg.io.RubySrc2CpgHTTPServerTests" remains failure somehow. Could someone please have a check on that as it's not part of my code changes. Much thanks!
[info] *** 1 TEST FAILED *** [error] Failed tests: [error] io.joern.rubysrc2cpg.io.RubySrc2CpgHTTPServerTests

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@itsacoderepo itsacoderepo itsacoderepo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@piggyctf @itsacoderepo @DavidBakerEffendi