• Home
• io.codemodder
• core-codemods
• 0.95.0
• source code
• report.json

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

io.codemodder.codemods.JEXLInjectionCodemod.report.json Maven / Gradle / Ivy

{
  "summary" : "Expression language injection (JEXL) (CodeQL)",
  "change": "Added a sandbox to prevent this expression from ever accessing well-known exploitation types",
  "reviewGuidanceJustification" : "This codemod prevents JEXL expressions from accessing dangerous types like `java.lang.Runtime`, so the risk of this change interrupting expected application activity is estimated to be very low.",
  "references" : [
    "https://codeql.github.com/codeql-query-help/java/java-jexl-expression-injection/",
    "https://commons.apache.org/proper/commons-jexl/apidocs/org/apache/commons/jexl3/introspection/JexlSandbox.html",
    "https://cwe.mitre.org/data/definitions/693.html",
    "https://cwe.mitre.org/data/definitions/94.html"
  ]
}