
Commit 25159b0

authored
Merge pull request #28 from SpringKill-team/feature/delete-files
Feature/delete files
2 parents edd441a + 263e348 commit 25159b0

60 files changed

Lines changed: 14 additions & 2876 deletions


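--- a/src/main/kotlin/org/skgroup/securityinspector/sinkrules/SinkList.kt
+++ b/src/main/kotlin/org/skgroup/securityinspector/sinkrules/SinkList.kt
@@ -22,7 +22,9 @@ object SinkList {
 private val systemDosDefinition = SubVulnerabilityDefinition(
 subType = SubVulnerabilityType.SYSTEM_DOS,
 methodSinks = mapOf(
-"java.lang.System" to setOf()
+"java.lang.System" to setOf("exit"),
+"java.lang.Shutdown" to setOf("exit"),
+"java.lang.Runtime" to setOf("exit")
 ),
 constructorSinks = emptySet(),
 isCall = true
@@ -226,20 +228,17 @@ object SinkList {
 private val elRceDefinition = SubVulnerabilityDefinition(
 subType = SubVulnerabilityType.ELRCE,
 methodSinks = mapOf(
-"javax.el.ExpressionFactory" to setOf("createMethodExpression"),
+"javax.el.ExpressionFactory" to setOf("createMethodExpression","createValueExpression"),
 "javax.el.ELProcessor" to setOf("eval", "getValue"),
-"javax.el.ExpressionFactory" to setOf("createValueExpression")
 ),
 constructorSinks = emptySet(),
 isCall = true
 )
 
 private val expressionRceDefinition = SubVulnerabilityDefinition(
 subType = SubVulnerabilityType.EXPRESSION_RCE,
-methodSinks = mapOf(
-"java.beans.Expression" to emptySet()
-),
-constructorSinks = emptySet(),
+methodSinks = emptyMap(),
+constructorSinks = setOf("java.beans.Expression"),
 isCall = true
 )
 
@@ -604,7 +603,7 @@ object SinkList {
 subType = SubVulnerabilityType.JSOUP_SSRF,
 methodSinks = mapOf(
 "org.jsoup.Jsoup" to setOf("connect"),
-"org.jsoup.Connection" to setOf("get", "post", "put", "delete", "options", "trace", "patch")
+"org.jsoup.Connection" to setOf("get", "post", "put", "delete", "options", "trace", "patch","execute")
 ),
 constructorSinks = emptySet(),
 isCall = true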
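Review bot: The SYSTEM_DOS sinks added in the first hunk include `java.lang.Shutdown`, a package-private JDK class that application code cannot call directly, so that entry will probably never match a call site in an inspected project. Meanwhile `Runtime.halt`, which also terminates the JVM (and skips shutdown hooks), is not covered. I would drop the `Shutdown` entry or add a comment explaining why it is kept, and widen the Runtime line to `"java.lang.Runtime" to setOf("exit", "halt")`. How the matcher resolves `methodSinks` entries is not visible on this page, so confirm it keys on the declaring class of the resolved method. The `systemDosDefinition` initializer closes outside the hunk.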

src/main/kotlin/org/skgroup/securityinspector/sinkrules/dos/NettyResponseSplitting.kt

Lines changed: 0 additions & 83 deletions
This file was deleted.

src/main/kotlin/org/skgroup/securityinspector/sinkrules/dos/SystemDOS.kt

Lines changed: 0 additions & 45 deletions
This file was deleted.

src/main/kotlin/org/skgroup/securityinspector/sinkrules/files/read/ReadFile.kt

Lines changed: 0 additions & 64 deletions
This file was deleted.

src/main/kotlin/org/skgroup/securityinspector/sinkrules/files/write/CommonsIO.kt

Lines changed: 0 additions & 50 deletions
This file was deleted.

src/main/kotlin/org/skgroup/securityinspector/sinkrules/files/write/IOFiles.kt

Lines changed: 0 additions & 58 deletions
This file was deleted.
