
Commit ae12535

Made changes as per suggestions of coderabbit ai bot
1 parent b62d49a commit ae12535

10 files changed (+57, -19 lines changed)

rules/scala/security/xmlinputfactory-dtd-enabled-scala.yml

Lines changed: 15 additions & 15 deletions
Original file line number | Diff line number | Diff line change
@@ -2,24 +2,24 @@ id: xmlinputfactory-dtd-enabled-scala
22
language: scala
33
severity: warning
44
message: >-
5-
XMLInputFactory being instantiated without calling the setProperty
6-
functions that are generally used for disabling entity processing. User
7-
controlled data in XML Document builder can result in XML Internal Entity
8-
Processing vulnerabilities like the disclosure of confidential data,
9-
denial of service, Server Side Request Forgery (SSRF), port scanning. Make
10-
sure to disable entity processing functionality.
5+
XMLInputFactory being instantiated without calling the setProperty
6+
functions that are generally used for disabling entity processing. User
7+
controlled data in XML Document builder can result in XML Internal Entity
8+
Processing vulnerabilities like the disclosure of confidential data,
9+
denial of service, Server Side Request Forgery (SSRF), port scanning. Make
10+
sure to disable entity processing functionality.
1111
note: >-
1212
[CWE-611] Improper Restriction of XML External Entity.
1313
[REFERENCES]
1414
- https://owasp.org/Top10/A05_2021-Security_Misconfiguration
1515
rule:
16-
any:
17-
- pattern: XMLInputFactory.newFactory($$$)
18-
- pattern: XMLInputFactory.newInstance($$$)
19-
- pattern: new XMLInputFactory($$$)
20-
precedes:
21-
not:
22-
pattern: $XMLFACTORY.setProperty($MODE, false)
16+
any:
17+
- pattern: XMLInputFactory.newFactory($$$)
18+
- pattern: XMLInputFactory.newInstance($$$)
19+
- pattern: new XMLInputFactory($$$)
20+
precedes:
21+
not:
22+
pattern: $XMLFACTORY.setProperty($MODE, false)
2323
constraints:
24-
MODE:
25-
regex: 'javax.xml.stream.isSupportingExternalEntities'
24+
MODE:
25+
regex: "javax.xml.stream.isSupportingExternalEntities"
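Review bot: the negation in the trailing `precedes:` / `not:` / `pattern: $XMLFACTORY.setProperty($MODE, false)` block sits inside the relational rule, so in ast-grep it reads as "the factory call is followed by some node that is not a `setProperty($MODE, false)` call", a condition almost any instantiation satisfies, and the rule will keep firing even when external entities are disabled right after `newFactory()`. The usual shape is the inverse nesting, `not:` wrapping `precedes:` wrapping the `pattern:`; a `valid:` test case that calls `setProperty("javax.xml.stream.isSupportingExternalEntities", false)` on the created factory would confirm whichever form is intended actually stays quiet. Smaller points: the `MODE` regex at the end of the hunk has unescaped dots, so `"javax\.xml\.stream\.isSupportingExternalEntities"` is the precise form; `$XMLFACTORY` is never tied to the instantiated factory, so a `setProperty` on an unrelated object satisfies the check; and the message text says "XML Internal Entity Processing" where the CWE-611 note and the property name both refer to external entities.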

tests/__snapshots__/cbc-padding-oracle-java-snapshot.yml

Lines changed: 7 additions & 0 deletions
@@ -6,3 +6,10 @@ snapshots:
66
style: primary
77
start: 0
88
end: 42
9+
? |
10+
Cipher.getInstance("AES/CBC/PKCS5Padding");
11+
: labels:
12+
- source: Cipher.getInstance("AES/CBC/PKCS5Padding")
13+
style: primary
14+
start: 0
15+
end: 42
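Review bot: the new entry duplicates the existing one above it in the snapshot: same `source`, same `style: primary`, same `start: 0` and `end: 42`, differing only in the indentation of the `? |` key, because the invalid source in tests/java/cbc-padding-oracle-java-test.yml was reindented in this same commit. The old key is now produced by no test and should be deleted rather than left beside the new one; the same applies to the other four snapshot files in this commit, all of which add an entry without removing the stale one.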

tests/__snapshots__/no-null-cipher-java-snapshot.yml

Lines changed: 8 additions & 0 deletions
@@ -8,3 +8,11 @@ snapshots:
88
style: primary
99
start: 25
1010
end: 41
11+
? |
12+
Cipher doNothingCihper = new NullCipher();
13+
new javax.crypto.NullCipher();
14+
: labels:
15+
- source: new NullCipher()
16+
style: primary
17+
start: 25
18+
end: 41

tests/__snapshots__/rsa-no-padding-java-snapshot.yml

Lines changed: 8 additions & 0 deletions
@@ -8,3 +8,11 @@ snapshots:
88
style: primary
99
start: 0
1010
end: 40
11+
? |
12+
Cipher.getInstance("RSA/None/NoPadding");
13+
Cipher.getInstance("RSA/NONE/NoPadding");
14+
: labels:
15+
- source: Cipher.getInstance("RSA/None/NoPadding")
16+
style: primary
17+
start: 0
18+
end: 40

tests/__snapshots__/rsa-padding-set-scala-snapshot.yml

Lines changed: 7 additions & 0 deletions
@@ -6,3 +6,10 @@ snapshots:
66
style: primary
77
start: 0
88
end: 39
9+
? |
10+
Cipher.getInstance("RSA/ECB/NoPadding")
11+
: labels:
12+
- source: Cipher.getInstance("RSA/ECB/NoPadding")
13+
style: primary
14+
start: 0
15+
end: 39

tests/__snapshots__/xmlinputfactory-dtd-enabled-scala-snapshot.yml

Lines changed: 8 additions & 0 deletions
@@ -1,5 +1,13 @@
11
id: xmlinputfactory-dtd-enabled-scala
22
snapshots:
3+
? |-
4+
val factory = XMLInputFactory.newFactory()
5+
val fileReader = new FileReader(file)
6+
: labels:
7+
- source: XMLInputFactory.newFactory()
8+
style: primary
9+
start: 14
10+
end: 42
311
? |-
412
val factory = XMLInputFactory.newFactory()
513
val fileReader = new FileReader(file)

tests/java/cbc-padding-oracle-java-test.yml

Lines changed: 1 addition & 1 deletion
@@ -4,4 +4,4 @@ valid:
44
Cipher.getInstance("AES/GCM/NoPadding");
55
invalid:
66
- |
7-
Cipher.getInstance("AES/CBC/PKCS5Padding");
7+
Cipher.getInstance("AES/CBC/PKCS5Padding");

tests/java/no-null-cipher-java-test.yml

Lines changed: 1 addition & 1 deletion
@@ -5,4 +5,4 @@ valid:
55
invalid:
66
- |
77
Cipher doNothingCihper = new NullCipher();
8-
new javax.crypto.NullCipher();
8+
new javax.crypto.NullCipher();
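Review bot: `doNothingCihper` on the unchanged context line is a typo for `doNothingCipher`; since the invalid source block doubles as the snapshot key, fixing it here and regenerating tests/__snapshots__/no-null-cipher-java-snapshot.yml avoids carrying the misspelling into the snapshot as well.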

tests/java/rsa-no-padding-java-test.yml

Lines changed: 1 addition & 1 deletion
@@ -5,4 +5,4 @@ valid:
55
invalid:
66
- |
77
Cipher.getInstance("RSA/None/NoPadding");
8-
Cipher.getInstance("RSA/NONE/NoPadding");
8+
Cipher.getInstance("RSA/NONE/NoPadding");

tests/scala/rsa-padding-set-scala-test.yml

Lines changed: 1 addition & 1 deletion
@@ -6,4 +6,4 @@ valid:
66
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
77
invalid:
88
- |
9-
Cipher.getInstance("RSA/ECB/NoPadding")
9+
Cipher.getInstance("RSA/ECB/NoPadding")
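Review bot: the `valid:` case in the leading context, `Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");`, is Java syntax in a Scala test file, so the Scala parser will not give the rule the tree it is written against and the case proves little about the rule. Suggest a Scala-syntax valid case that exercises the RSA branch with padding set, for example `val cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding")`, so the test shows the rule accepts padded RSA and not merely non-RSA transformations.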
