pentaho / pentaho-platform

Pentaho BA Server Core
http://www.pentaho.com

[SP-6642][PPP-4772] RCE injection via connection's JNDI database name #5780

Closed dcleao closed 1 week ago

dcleao commented 2 weeks ago

Backport of: https://github.com/pentaho/pentaho-platform/pull/5674.

Merge with:

@pentaho/hoth, please review.

hitachivantarasonarqube[bot] commented 2 weeks ago

Quality Gate failed

Failed conditions
C Reliability Rating on New Code (required ≥ A)

See analysis details on SonarQube


buildguy commented 2 weeks ago

👍 Frogbot scanned this pull request and did not find any new security issues.

Note: **Frogbot** also supports **Contextual Analysis, Secret Detection, IaC and SAST Vulnerabilities Scanning**. These features are included as part of the [JFrog Advanced Security](https://jfrog.com/advanced-security) package, which isn't enabled on your system.

[🐸 JFrog Frogbot](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot)

buildguy commented 2 weeks ago

:white_check_mark: Build finished in 21m 29s

Build command:

mvn clean verify -B -e -Daudit -Djs.no.sandbox -pl \
assemblies/pentaho-solutions,core

:ok_hand: All tests passed!

Tests run: 570, Failures: 0, Skipped: 0


:information_source: This is an automatic message