Title: [Java]: CWE-552 - Query to detect unsafe resource loading in Java Spring applications · Issue #675 · github/securitylab · GitHub
Open Graph Title: [Java]: CWE-552 - Query to detect unsafe resource loading in Java Spring applications · Issue #675 · github/securitylab
X Title: [Java]: CWE-552 - Query to detect unsafe resource loading in Java Spring applications · Issue #675 · github/securitylab
Description: Query PR github/codeql#9199 Language Java CVE(s) ID list CVE-2019-3799 CWE CWE-552: Files or Directories Accessible to External Parties Report What is the vulnerability? Directly incorporating user input into loading resource calls on th...
Open Graph Description: Query PR github/codeql#9199 Language Java CVE(s) ID list CVE-2019-3799 CWE CWE-552: Files or Directories Accessible to External Parties Report What is the vulnerability? Directly incorporating user...
X Description: Query PR github/codeql#9199 Language Java CVE(s) ID list CVE-2019-3799 CWE CWE-552: Files or Directories Accessible to External Parties Report What is the vulnerability? Directly incorporating user...
Opengraph URL: https://github.com/github/securitylab/issues/675
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"[Java]: CWE-552 - Query to detect unsafe resource loading in Java Spring applications ","articleBody":"### Query PR\r\n\r\nhttps://github.com/github/codeql/pull/9199\r\n\r\n### Language\r\n\r\nJava\r\n\r\n### CVE(s) ID list\r\n\r\n- [CVE-2019-3799](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3799)\r\n\r\n### CWE\r\n\r\nCWE-552: Files or Directories Accessible to External Parties\r\n\r\n### Report\r\n\r\n1. What is the vulnerability?\r\nDirectly incorporating user input into loading resource calls on the server side without proper validation of the input can allow any web application resource such as configuration files and source code to be disclosed.\r\n\r\n2. How does the vulnerability work?\r\nt is very common that Java Spring applications load requested resources and return file contents to clients. Constructing a server-side URI path with user input could allow an attacker to download application binaries (including application classes or jar files) or view arbitrary files within protected directories.\r\n\r\n3. What strategy do you use in your query to find the vulnerability?\r\nThis query detects unsafe usage of resource loading in Spring including the following APIs:\r\n - ClassPathResource\r\n - ResourceUtils\r\n - ResourceLoader and ApplicationContext\r\n\r\n4. How have you reduced the number of false positives?\r\nIt utilizes the path sanitizer library to reduce FPs:\r\n - Path traversal check\r\n - Path encoding check\r\n - Check of path normalization using the java.nio.file.Path package\r\n\r\n5. Other information?\r\nPlease refer to test cases in the sample program and [CVE-2019-3799 - Spring-Cloud-Config-Server Directory Traversal \u0026lt; 2.1.2, 2.0.4, 1.4.6](https://github.com/mpgn/CVE-2019-3799) for more information.\r\n\r\n### Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).\r\n\r\n- [X] Yes\r\n- [ ] No\r\n\r\n### Blog post link\r\n\r\n_No response_","author":{"url":"https://github.com/luchua-bc","@type":"Person","name":"luchua-bc"},"datePublished":"2022-05-17T19:18:29.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":12},"url":"https://github.com/675/securitylab/issues/675"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:faf39151-c49d-a757-f5ff-b9505565a51d |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | 964E:C0E86:8660DB:B71D39:6A4D4A97 |
| html-safe-nonce | e65bb22b7ac18cd5ac84d8f1b8bf93b1b8c5124d9df1a3c152e9668e6e586f7f |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI5NjRFOkMwRTg2Ojg2NjBEQjpCNzFEMzk6NkE0RDRBOTciLCJ2aXNpdG9yX2lkIjoiMzM0NjM3MTY1NTMyODY4MDU5OSIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | 90eb4f6e948cb1237c578e5926c8ae3743c89cd881ad6c4b9981b416686b1563 |
| hovercard-subject-tag | issue:1239058640 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/github/securitylab/675/issue_layout |
| twitter:image | https://opengraph.githubassets.com/e4b4d490538cd4ec5d06632fa221d658f624cee348b55842e4966680379031d5/github/securitylab/issues/675 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/e4b4d490538cd4ec5d06632fa221d658f624cee348b55842e4966680379031d5/github/securitylab/issues/675 |
| og:image:alt | Query PR github/codeql#9199 Language Java CVE(s) ID list CVE-2019-3799 CWE CWE-552: Files or Directories Accessible to External Parties Report What is the vulnerability? Directly incorporating user... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | luchua-bc |
| hostname | github.com |
| expected-hostname | github.com |
| None | 92571a8944142227b7e19cd10918b1ddd06e5066c1ad5bc7e4769cf6140a87e6 |
| turbo-cache-control | no-preview |
| go-import | github.com/github/securitylab git https://github.com/github/securitylab.git |
| octolytics-dimension-user_id | 9919 |
| octolytics-dimension-user_login | github |
| octolytics-dimension-repository_id | 221101274 |
| octolytics-dimension-repository_nwo | github/securitylab |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 221101274 |
| octolytics-dimension-repository_network_root_nwo | github/securitylab |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 56fc8347865a14e2ec811533d68f929cf4e0ec19 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width