
Commit 27be5ba

authored
Merge pull request #15073 from atorralba/atorralba/java/remove-invalid-ognl-sinks
Java: Remove invalid OGNL sinks
2 parents 5675df8 + fad53a2 commit 27be5ba

2 files changed

+4
-11
lines changed

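--- a/java/ql/lib/ext/struts2.model.yml
+++ b/java/ql/lib/ext/struts2.model.yml
@@ -39,30 +39,19 @@ extensions:
 - ["com.opensymphony.xwork2", "ActionSupport", true, "getFormatted", "(String,String)", "", "Argument[1]", "ognl-injection", "manual"]
 - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String)", "", "Argument[0]", "ognl-injection", "manual"]
 - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,List)", "", "Argument[0]", "ognl-injection", "manual"]
-- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,List)", "", "Argument[1]", "ognl-injection", "manual"]
 - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String)", "", "Argument[0]", "ognl-injection", "manual"]
 - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String)", "", "Argument[1]", "ognl-injection", "manual"]
 - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List)", "", "Argument[0]", "ognl-injection", "manual"]
 - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List)", "", "Argument[1]", "ognl-injection", "manual"]
-- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List)", "", "Argument[2]", "ognl-injection", "manual"]
-- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List)", "", "Argument[this]", "ognl-injection", "manual"]
 - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List,ValueStack)", "", "Argument[0]", "ognl-injection", "manual"]
 - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List,ValueStack)", "", "Argument[1]", "ognl-injection", "manual"]
-- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List,ValueStack)", "", "Argument[2]", "ognl-injection", "manual"]
-- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List,ValueStack)", "", "Argument[this]", "ognl-injection", "manual"]
 - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String)", "", "Argument[0]", "ognl-injection", "manual"]
 - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String)", "", "Argument[1]", "ognl-injection", "manual"]
-- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String)", "", "Argument[2]", "ognl-injection", "manual"]
 - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[])", "", "Argument[0]", "ognl-injection", "manual"]
 - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[])", "", "Argument[1]", "ognl-injection", "manual"]
-- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[])", "", "Argument[2]", "ognl-injection", "manual"]
-- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[])", "", "Argument[this]", "ognl-injection", "manual"]
 - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[],ValueStack)", "", "Argument[0]", "ognl-injection", "manual"]
 - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[],ValueStack)", "", "Argument[1]", "ognl-injection", "manual"]
-- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[],ValueStack)", "", "Argument[2]", "ognl-injection", "manual"]
-- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[],ValueStack)", "", "Argument[this]", "ognl-injection", "manual"]
 - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String[])", "", "Argument[0]", "ognl-injection", "manual"]
-- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String[])", "", "Argument[1]", "ognl-injection", "manual"]
 - ["com.opensymphony.xwork2", "TextProvider", true, "hasKey", "(String)", "", "Argument[0]", "ognl-injection", "manual"]
 - ["com.opensymphony.xwork2", "TextProvider", true, "hasKey", "(String)", "", "Argument[this]", "ognl-injection", "manual"]
 - ["org.apache.struts2.util", "StrutsUtil", true, "findString", "(String)", "", "Argument[0]", "ognl-injection", "manual"]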
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
---
2+
category: minorAnalysis
3+
---
4+
* Removed some spurious sinks related to `com.opensymphony.xwork2.TextProvider.getText` from the query `java/ognl-injection`.
