Add Spring framework RestTemplate SSRF sinks #618

Open
wants to merge 3 commits into
base: master

@Quiark Quiark commented Nov 30, 2020

Extension functions currently don't work because of #611

codecov bot commented Nov 30, 2020

Codecov Report

Merging #618 (6ea0a21) into master (46a30fc) will increase coverage by 0.20%.
The diff coverage is 94.11%.

@@             Coverage Diff              @@
##             master     #618      +/-   ##
============================================
+ Coverage     84.70%   84.90%   +0.20%     
- Complexity     1822     1873      +51     
============================================
  Files           151      154       +3     
  Lines          4942     5036      +94     
  Branches       1095     1124      +29     
============================================
+ Hits           4186     4276      +90     
  Misses          339      339              
- Partials        417      421       +4     
| Impacted Files | Coverage Δ | Complexity Δ |
|---|---|---|
| ...dsecbugs/serial/ObjectDeserializationDetector.java | 87.50% <75.00%> (+1.01%) | 15.00 <0.00> (+1.00) |
| ...findsecbugs/password/HashUnsafeEqualsDetector.java | 96.49% <100.00%> (+0.74%) | 24.00 <8.00> (+2.00) |
| ...com/h3xstream/findsecbugs/taintanalysis/Taint.java | 79.82% <100.00%> (+0.46%) | 146.00 <2.00> (+3.00) |
| ...cbugs/taintanalysis/TaintFrameModelingVisitor.java | 79.11% <100.00%> (+0.44%) | 142.00 <0.00> (+2.00) |
| ...findsecbugs/wicket/WicketXssComponentDetector.java | 97.77% <0.00%> (-0.10%) | 14.00% <0.00%> (ø%) |
| .../com/h3xstream/findsecbugs/xss/XssJspDetector.java | 80.00% <0.00%> (ø) | 8.00% <0.00%> (ø%) |
| ...m/findsecbugs/ldap/LdapEntryPoisoningDetector.java | 92.30% <0.00%> (ø) | 10.00% <0.00%> (ø%) |
| ...m/findsecbugs/spring/CorsRegistryCORSDetector.java | 82.85% <0.00%> (ø) | 9.00% <0.00%> (ø%) |
| ...gs/password/IntuitiveHardcodePasswordDetector.java | 94.73% <0.00%> (ø) | 10.00% <0.00%> (ø%) |
| ...stream/findsecbugs/groovy/GroovyShellDetector.java | 83.33% <0.00%> (ø) | 7.00% <0.00%> (?%) |

... and 11 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update af31473...6ea0a21.

@h3xstream h3xstream (Member) left a comment

Looks good! 👌
The only thing missing is at least one test case.

I see many stub classes but none are used by test cases (not test samples).
