Closed Mariovido closed 4 hours ago
| | Baseline | Candidate |
---|---|---|
baseline_or_candidate | baseline | candidate |
git_branch | master | mario.vidal/json_parser_propagation |
git_commit_date | 1727682967 | 1727684368 |
git_commit_sha | efa3824d5d | 367dec7ac7 |
release_version | 1.40.0-SNAPSHOT~efa3824d5d | 1.40.0-SNAPSHOT~367dec7ac7 |
Found 0 performance improvements and 0 performance regressions! Performance is the same for 51 metrics, 12 unstable metrics.
| | Baseline | Candidate |
---|---|---|
baseline_or_candidate | baseline | candidate |
end_time | 2024-09-30T08:40:04 | 2024-09-30T08:46:56 |
git_branch | master | mario.vidal/json_parser_propagation |
git_commit_date | 1727682967 | 1727684368 |
git_commit_sha | efa3824d5d | 367dec7ac7 |
release_version | 1.40.0-SNAPSHOT~efa3824d5d | 1.40.0-SNAPSHOT~367dec7ac7 |
start_time | 2024-09-30T08:39:50 | 2024-09-30T08:46:42 |
Found 0 performance improvements and 0 performance regressions! Performance is the same for 12 metrics, 16 unstable metrics.
| | Baseline | Candidate |
---|---|---|
baseline_or_candidate | baseline | candidate |
git_branch | master | mario.vidal/json_parser_propagation |
git_commit_date | 1727682967 | 1727684368 |
git_commit_sha | efa3824d5d | 367dec7ac7 |
release_version | 1.40.0-SNAPSHOT~efa3824d5d | 1.40.0-SNAPSHOT~367dec7ac7 |
Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.
| | Baseline | Candidate |
---|---|---|
baseline_or_candidate | baseline | candidate |
git_branch | master | mario.vidal/json_parser_propagation |
git_commit_date | 1727682967 | 1727684368 |
git_commit_sha | efa3824d5d3935a99a112dc3603b691e4bdeef79 | 367dec7ac7b47e74838914a934cfbd9579f22574 |
Found 0 performance improvements and 0 performance regressions! Performance is the same for 3 metrics, 0 unstable metrics.
| | Baseline | Candidate |
---|---|---|
baseline_or_candidate | baseline | candidate |
git_branch | master | mario.vidal/json_parser_propagation |
git_commit_date | 1727682967 | 1727684368 |
git_commit_sha | efa3824d5d3935a99a112dc3603b691e4bdeef79 | 367dec7ac7b47e74838914a934cfbd9579f22574 |
Found 0 performance improvements and 0 performance regressions! Performance is the same for 3 metrics, 0 unstable metrics.
What Does This Do
This fixes the unwanted tainting of field names that are being interned by the parser. This is making us report vulnerabilities that we don't want to report. One example could be SQL Injection, where we are reporting an SQL Injection in the eBean framework due to the fact that we are tainting the name of a field in the request, and this name is interned, so when eBean looks for it, it is tainted.
Motivation
It is motivated by the report of a client using eBean.
Additional Notes
Contributor Checklist
`type:` and (`comp:` or `inst:`) labels in addition to any useful labels
`close`, `fix` or any linking keywords when referencing an issue. Use `solves` instead, and assign the PR milestone to the issue
Jira ticket: APPSEC-54675
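
An added illustration of the mechanism the description refers to (not code from this PR or from the project), assuming a taint store keyed by object identity. The class and the `taint`, `isTainted` and `parseFieldName` names are hypothetical, and the request key is a constructed sample.

```java
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Set;

public class InternedTaintDemo {
    // Hypothetical taint store: tracks objects by identity, not by value (assumption).
    static final Set<Object> TAINTED =
            Collections.newSetFromMap(new IdentityHashMap<>());

    static void taint(Object o) { TAINTED.add(o); }

    static boolean isTainted(Object o) { return TAINTED.contains(o); }

    // Hypothetical parser step: the field name is built from request characters
    // and then interned, so it becomes the JVM-wide shared instance for that text.
    static String parseFieldName(char[] requestChars, boolean taintFieldNames) {
        String name = new String(requestChars).intern();
        if (taintFieldNames) {
            taint(name);
        }
        return name;
    }

    public static void main(String[] args) {
        char[] keyFromRequest = {'i', 'd'};  // constructed sample: key of {"id": 1}
        String frameworkColumn = "id";       // constant used by unrelated framework code

        // Before: tainting the interned name marks the shared pool instance, so the
        // framework's own constant is seen as tainted when it reaches a SQL sink.
        String parsed = parseFieldName(keyFromRequest, true);
        System.out.println("same instance as framework constant: "
                + (parsed == frameworkColumn));
        System.out.println("framework constant tainted (false positive): "
                + isTainted(frameworkColumn));

        // After: interned field names are left untainted; request values, which are
        // fresh objects, are still tracked, so real injections remain visible.
        TAINTED.clear();
        parseFieldName(keyFromRequest, false);
        String valueFromRequest = new String("1 OR 1=1".toCharArray());
        taint(valueFromRequest);
        System.out.println("framework constant tainted after fix: "
                + isTainted(frameworkColumn));
        System.out.println("request value tainted after fix: "
                + isTainted(valueFromRequest));
    }
}
```

The false positive comes entirely from identity sharing: the framework never touched request data, yet its constant and the parsed key are one object once the key is interned.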