github / securitylab

Resources related to GitHub Security Lab
https://securitylab.github.com
MIT License

[Kotlin]: Add support for Ktor framework #805

Closed am0o0 closed 3 months ago

am0o0 commented 10 months ago

Query PR

https://github.com/github/codeql/pull/14959

Language

Java

CVE(s) ID list

WIP

CWE

No response

Report

I tried to support the whole framework, both the client side and the server side. The scope of SSRF, user-controllable sources, XSS, Unsafe LDAP, and Sensitive APIs (hard-coded secret) has been extended by this submission. This is the biggest and most used web framework written in Kotlin, and I hope it is a useful extension for all.

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

Blog post link

No response

xcorail commented 3 months ago

Closing upon request from @am0o0

ghsecuritylab commented 3 months ago

Your submission is now in status Closed.

For information, the evaluation workflow is the following: Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed