
Commit 8974f25

fix format and qlhelp errors blocking the merge
1 parent 11e57bd commit 8974f25

2 files changed

Lines changed: 5 additions & 3 deletions


java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.qhelp

Lines changed: 3 additions & 2 deletions
@@ -2,17 +2,17 @@
22
"-//Semmle//qhelp//EN"
33
"qhelp.dtd">
44
<qhelp>
5-
65
<overview>
76
<p>Bean validation custom constraint error messages support different types of interpolation,
87
including <a href="https://docs.jboss.org/hibernate/validator/5.1/reference/en-US/html/chapter-message-interpolation.html#section-interpolation-with-message-expressions">Java EL expressions</a>.
9-
Controlling part of the message template being passed to `ConstraintValidatorContext.buildConstraintViolationWithTemplate()`
8+
Controlling part of the message template being passed to <code>ConstraintValidatorContext.buildConstraintViolationWithTemplate()</code>
109
argument will lead to arbitrary Java code execution. Unfortunately, it is common that validated (and therefore, normally
1110
untrusted) bean properties flow into the custom error message.</p>
1211
</overview>
1312

1413
<recommendation>
1514
<p>There are different approaches to remediate the issue:</p>
15+
<ul>
1616
<li>Do not include validated bean properties in the custom error message.</li>
1717
<li>Use parameterized messages instead of string concatenation. E.g:</li>
1818
``` java
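Review bot: swapping the markdown backticks for `<code>` at line 8 is the right fix for a qhelp file, but the markdown fence ``` java that follows the new `<ul>` at line 18 has the same problem: this document is XML validated against qhelp.dtd (line 3), so a fence will not render as a code block; the snippet should be wrapped in a `<sample language="java">` element instead. The sentence at lines 8-9 also reads awkwardly; suggest "Controlling part of the message template passed as the argument to <code>ConstraintValidatorContext.buildConstraintViolationWithTemplate()</code> leads to arbitrary Java code execution."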
@@ -32,6 +32,7 @@ Validator validator = Validation.byDefaultProvider()
3232
```
3333
<li>Replace Hibernate-Validator with Apache BVal which in its latest version does not interpolate EL expressions by default.
3434
Note that this replacement may not be a simple drop-in replacement.</li>
35+
<ul>
3536
</recommendation>
3637

3738
<example>
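Review bot: the tag added at line 35 should be `</ul>`, not `<ul>`; as written it opens a second list instead of closing the one opened at line 15, so the list is never closed before `</recommendation>` and the qhelp will still fail validation, which is exactly what this commit is meant to fix.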

java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql

Lines changed: 2 additions & 1 deletion
@@ -16,7 +16,8 @@ import DataFlow::PathGraph
1616

1717
class BuildConstraintViolationWithTemplateMethod extends Method {
1818
BuildConstraintViolationWithTemplateMethod() {
19-
this.getDeclaringType()
19+
this
20+
.getDeclaringType()
2021
.getASupertype*()
2122
.hasQualifiedName("javax.validation", "ConstraintValidatorContext") and
2223
this.hasName("buildConstraintViolationWithTemplate")
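Review bot: the qualified-name match at line 22 only covers `javax.validation`, so a `ConstraintValidatorContext` from the `jakarta.validation` namespace (Jakarta EE 9 and later) would not be recognised and those call sites would be missed; worth a follow-up, since this hunk itself is only a whitespace reflow of `this.getDeclaringType()` onto two lines and changes no logic.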
