CodeQL query to detect XSLT injections #75

Closed
ggolawski opened this issue Apr 27, 2020 · 8 comments
@ggolawski ggolawski commented Apr 27, 2020

CVE ID(s)

There's no CVE for this.

Report

I created a query to detect XSLT injections in Java code. The query raises a flag if a user-provided XSLT stylesheet is processed. StreamSource, SAXSource, StAXSource and DOMSource are supported, as well as creating the Transformer via Templates.

XSLT injection can lead to RCE.

The details are present in PR: github/codeql#3363

  • Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). We would love to have you spread the word about the good work you are doing
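
The pattern the report describes, next to a hardened form, as an added example that is not part of the issue or of the query in github/codeql#3363. The class, method and stylesheet names are hypothetical, and the stylesheet and input document are constructed samples.

```java
import java.io.InputStream;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

public class XsltSinkDemo {
    // Constructed sample stylesheet that ships with the application (hypothetical).
    static final String ORDER_XSL =
        "<xsl:stylesheet version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform'>"
      + "<xsl:output method='text'/>"
      + "<xsl:template match='/order'>Order <xsl:value-of select='@id'/></xsl:template>"
      + "</xsl:stylesheet>";
    static final Map<String, String> STYLESHEETS = Map.of("order", ORDER_XSL);

    // Flagged pattern: the stylesheet itself is caller-controlled and reaches the factory.
    // The same applies when it arrives as a SAXSource, StAXSource or DOMSource,
    // or when the Transformer is obtained through newTemplates(...).
    static String transformUnsafe(InputStream userXslt, String xml) throws Exception {
        Transformer t = TransformerFactory.newInstance().newTransformer(new StreamSource(userXslt));
        return run(t, xml);
    }

    // Hardened: the caller only selects a name from a fixed set of stylesheets.
    static String transformSafe(String name, String xml) throws Exception {
        String xsl = STYLESHEETS.get(name);
        if (xsl == null) throw new IllegalArgumentException("unknown stylesheet: " + name);
        TransformerFactory f = TransformerFactory.newInstance();
        // Defence in depth. The JDK's built-in processor disables Java extension
        // functions under secure processing; the two ACCESS_* attributes block
        // external DTD and stylesheet fetches (other processors may reject them).
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        return run(f.newTemplates(new StreamSource(new StringReader(xsl))).newTransformer(), xml);
    }

    private static String run(Transformer t, String xml) throws Exception {
        StringWriter out = new StringWriter();
        t.transform(new StreamSource(new StringReader(xml)), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        System.out.println(transformSafe("order", "<order id='42'/>"));
    }
}
```
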
Collaborator

@ghsecuritylab ghsecuritylab commented Aug 20, 2020

Your submission is now in status CodeQL review.

For information, the evaluation workflow is the following:
CodeQL initial assessment > SecLab review > CodeQL review > SecLab finalize > Pay > Closed

Collaborator

@ghsecuritylab ghsecuritylab commented Sep 1, 2020

Your submission is now in status SecLab finalize.

For information, the evaluation workflow is the following:
CodeQL initial assessment > SecLab review > CodeQL review > SecLab finalize > Pay > Closed

Collaborator

@ghsecuritylab ghsecuritylab commented Sep 3, 2020

Your submission is now in status Pay.

For information, the evaluation workflow is the following:
CodeQL initial assessment > SecLab review > CodeQL review > SecLab finalize > Pay > Closed

Contributor

@xcorail xcorail commented Sep 3, 2020

Created Hackerone report 974368 for bounty 243563 : [75] CodeQL query to detect XSLT injections 🎉

@xcorail xcorail closed this Sep 3, 2020
Collaborator

@ghsecuritylab ghsecuritylab commented Sep 3, 2020

Your submission is now in status Closed.

For information, the evaluation workflow is the following:
CodeQL initial assessment > SecLab review > CodeQL review > SecLab finalize > Pay > Closed

Author

@ggolawski ggolawski commented Sep 4, 2020

Thank you @xcorail !

Contributor

@xcorail xcorail commented Sep 4, 2020

@ggolawski we are going to tweet about your contribution, do you consent to be named, and if yes can you give us your twitter handle? (you can do it privately)

Author

@ggolawski ggolawski commented Sep 4, 2020

@xcorail feel free to name me. My twitter handle is @ggolawski.
