
Commit e1e03e3

Add query documentation header
1 parent 9de2be8 commit e1e03e3

1 file changed

Lines changed: 8 additions & 0 deletions


java/ql/src/Security/CWE/CWE-036/OpenStream.ql

@@ -1,3 +1,11 @@
1+
/**
2+
* @name Calling openStream on URLs created from remote source can lead to file disclosure
3+
* @description If openStream is called on a java.net.URL, that was created from a remote source
4+
* an attacker can try to pass absolute URLs starting with file:// or jar:// to access
5+
* local resources in addition to remote ones.
6+
* @kind path-problem
7+
*/
8+
19
import java
210
import semmle.code.java.dataflow.TaintTracking
311
import semmle.code.java.dataflow.FlowSources
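
Review bot: the new header stops at `@kind path-problem` and has no `@id`, `@problem.severity`, `@precision` or `@tags` lines. CodeQL uses `@id` to identify the query and its results, and the other properties to rank and filter alerts, so please add them; the file's location under `CWE-036` suggests an `external/cwe/cwe-036` tag next to `security`. In the `@description`, `jar://` is not how jar URLs are written (they take the form `jar:<url>!/<entry>`), so naming the `file:` and `jar:` schemes would be more accurate, and the comma after `java.net.URL` should be dropped. The `@name` reads as a full sentence; a shorter title, with the detail left to `@description`, is easier to scan in a results list.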
