Title: [Java] CWE-552: Query to detect unsafe request dispatcher usage · Issue #495 · github/securitylab · GitHub
Open Graph Title: [Java] CWE-552: Query to detect unsafe request dispatcher usage · Issue #495 · github/securitylab
X Title: [Java] CWE-552: Query to detect unsafe request dispatcher usage · Issue #495 · github/securitylab
Description: Query Link to pull request with your CodeQL query: Relevant PR: github/codeql#7286 CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database. CVE-2021-28169 Re...
Open Graph Description: Query Link to pull request with your CodeQL query: Relevant PR: github/codeql#7286 CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the Git...
X Description: Query Link to pull request with your CodeQL query: Relevant PR: github/codeql#7286 CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the Git...
Opengraph URL: https://github.com/github/securitylab/issues/495
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"[Java] CWE-552: Query to detect unsafe request dispatcher usage","articleBody":"## Query\r\n\r\n*Link to pull request with your CodeQL query:*\r\n\r\nRelevant PR: https://github.com/github/codeql/pull/7286\r\n\r\n## CVE ID(s)\r\n\r\n*List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the [GitHub Advisory Database](https://github.com/advisories).*\r\n\r\n- [CVE-2021-28169](https://github.com/eclipse/jetty.project/security/advisories/GHSA-gwcr-j4wh-j3cq)\r\n\r\n## Report\r\n\r\n*Describe the vulnerability. Provide any information you think will help GitHub assess the impact your query has on the open source community.*\r\n\r\nDirectly incorporating user input into HTTP requests dispatched from the Java EE RequestDispatcher without proper validation of the input can allow any web application resource such as configuration files and source code to be disclosed.\r\n\r\nAs stated in the [Java API doc](https://jakarta.ee/specifications/webprofile/9/apidocs/jakarta/servlet/servletrequest#getRequestDispatcher-java.lang.String-), when using a Java EE RequestDispatcher, requests may be dispatched to any part of the web application bypassing both implicit (no direct access to WEB-INF or META-INF) and explicit (defined by the web application) security constraints. Unsanitized user provided data must not be used to construct the path passed to the RequestDispatcher as it is very likely to create a security vulnerability in the application.\r\n\r\nThis query detects unsafe invocations of RequestDispatcher with user controlled input. Important features include:\r\n+ RequestDispatcher constructed from both HTTP request and servlet context\r\n+ Path traversal check\r\n+ Path encoding check\r\n+ Check of path normalization using the `java.nio.file.Path` package\r\n\r\n- [x] Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). *We would love to have you spread the word about the good work you are doing*\r\n\r\n## Result(s)\r\n\r\n*Provide at least one useful result found by your query, on some revision of a real project.*\r\n\r\n- [Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability](https://github.com/eclipse/jetty.project/security/advisories/GHSA-gwcr-j4wh-j3cq)\r\n- [softways-sa/swift-framework](https://github.com/softways-sa/swift-framework/)\r\n- [Online Drug Store](https://github.com/shashankpangam/OnlineDrugStore)\r\n","author":{"url":"https://github.com/luchua-bc","@type":"Person","name":"luchua-bc"},"datePublished":"2021-12-02T04:19:53.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":15},"url":"https://github.com/495/securitylab/issues/495"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:b3e7f5c7-ee21-7cd4-115b-7c3f4e8b5877 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | B6EC:27DE9E:86687:B7011:6A4D50D2 |
| html-safe-nonce | 8d261a1929b2b03b1909f5c2ec0bbcd46958c45566b6b1ee0ff9f019e2f96925 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJCNkVDOjI3REU5RTo4NjY4NzpCNzAxMTo2QTRENTBEMiIsInZpc2l0b3JfaWQiOiIzNjYwNTg5NzEwMzU3Mzg1NDI2IiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0= |
| visitor-hmac | a9b5ed2e1e3e7bcad793d0bd306195a6c01598bf9428b873ac3d42dc407bd39d |
| hovercard-subject-tag | issue:1069113086 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/github/securitylab/495/issue_layout |
| twitter:image | https://opengraph.githubassets.com/808e759cc8e2115abcdc9cf652d057caf01c54c1b99daa1b71b52c34ea07adc5/github/securitylab/issues/495 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/808e759cc8e2115abcdc9cf652d057caf01c54c1b99daa1b71b52c34ea07adc5/github/securitylab/issues/495 |
| og:image:alt | Query Link to pull request with your CodeQL query: Relevant PR: github/codeql#7286 CVE ID(s) List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the Git... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | luchua-bc |
| hostname | github.com |
| expected-hostname | github.com |
| None | 92571a8944142227b7e19cd10918b1ddd06e5066c1ad5bc7e4769cf6140a87e6 |
| turbo-cache-control | no-preview |
| go-import | github.com/github/securitylab git https://github.com/github/securitylab.git |
| octolytics-dimension-user_id | 9919 |
| octolytics-dimension-user_login | github |
| octolytics-dimension-repository_id | 221101274 |
| octolytics-dimension-repository_nwo | github/securitylab |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 221101274 |
| octolytics-dimension-repository_network_root_nwo | github/securitylab |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 56fc8347865a14e2ec811533d68f929cf4e0ec19 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width