CodeQL-rules.md

CodeQL for Java规则

Spring Boot actuator endpoints github/securitylab#42

CodeQL检测SpringBoot应用敏感信息的返回

https://mp.weixin.qq.com/s/7wJKMVyc36U-PciZGmjrcg?from=singlemessage&isappinstalled=0&scene=1&clicktime=1634046702&enterid=1634046702

【CWE-90】LDAP Injection github/securitylab#27 https://ggolawski.github.io/2020/08/06/cve-2020-1958-ldap-injection-druid.html https://github.com/ggolawski/CVE-2020-9495

JNDI injections github/securitylab#66

【CWE-918】SSRF github/securitylab#84

MVEL injections github/securitylab#72

Spring项目的CSRF漏洞 github/securitylab#24

【CWE-094】ScriptEngine注入 github/securitylab#40

【CWE-643】XPath注入 github/securitylab#36

OGNL injections github/securitylab#69

XSLT injections github/securitylab#75

CRLF Injection（due to disabled header validation） github/securitylab#22 CVE-2019-17513 - Ratpack CVE-2019-16771 - line/armeria

Detect Dangerous Spring Service Exporters With CodeQL How to make sure that CVE-2016-1000027 does not affect your application https://infosecwriteups.com/detect-dangerous-spring-service-exporters-with-codeql-c3c800b7b2de

CodeQL with CVE-2021-2471

Ref

• https://hackerone.com/github-security-lab/hacktivity?type=team
• https://www.youtube.com/watch?v=nvCd0Ee4FgE
• https://www.youtube.com/watch?v=qStzSfsEQGQ
• CodeQL Java 全网最全的中文学习资料
• https://github.com/safe6Sec/CodeqlNote
• https://mp.weixin.qq.com/s/vElNyQzChNAgmhXE80SFDA
• https://mp.weixin.qq.com/s/5UmBkqCsBt64WY2JllIVSw