java/ql/src/Security/CWE/CWE-094 (1 file changed, +2 -2 lines)

@@ -28,9 +28,9 @@ This is typically done when using Groovy for its scripting or domain specific la
The fundamental problem is that Groovy is a dynamic language, yet <code >SecureASTCustomizer</code > works by looking at Groovy AST statically.
This makes it very easy for an attacker to bypass many of the intended checks
- (see https://kohsuke.org/2012/04/27/groovy-secureastcustomizer-is-harmful/).
+ (see [Groovy SecureASTCustomizer is harmful]( https://kohsuke.org/2012/04/27/groovy-secureastcustomizer-is-harmful/) ).
Therefore, besides <code >SecureASTCustomizer</code >, runtime checks are also necessary before calling Groovy methods
- (see https://melix.github.io/blog/2015/03/sandboxing.html).
+ (see [Improved sandboxing of Groovy scripts]( https://melix.github.io/blog/2015/03/sandboxing.html) ).
It is also possible to use a block-list method, excluding unwanted classes from being loaded by the JVM.
This method is not always recommended, because block-lists can be bypassed by unexpected values.
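Review bot: the two `+` lines switch the bare URLs to Markdown link syntax (`[text](url)`), but the surrounding text in this hunk uses HTML/XML markup (`<code>SecureASTCustomizer</code>`), which suggests a qhelp-style XML file where Markdown is not rendered and the brackets would appear literally; the HTML form `<a href="https://kohsuke.org/2012/04/27/groovy-secureastcustomizer-is-harmful/">Groovy SecureASTCustomizer is harmful</a>` (and likewise for the melix.github.io link) would render as intended in both places. Separately, both new lines have a stray space before the closing parenthesis of the sentence (`...harmful/) ).`), which should be removed so the rendered text reads `(see ...)` without a gap.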