Skip to content

Commit 5c15ad4

Browse files
michaelnebelmichaelnebel
committed
Java: Convert log4j-injection to data extensions.
1 parent 665d40d commit 5c15ad4

File tree

3 files changed

+373
-153
lines changed

3 files changed

+373
-153
lines changed

java/ql/lib/ext/experimental/org.apache.logging.log4j.message.model.yml

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
extensions:
2+
- addsTo:
3+
pack: codeql/java-all
4+
extensible: extExperimentalSummaryModel
5+
data:
6+
- ["org.apache.logging.log4j.message", "MapMessage", True, "put", "", "", "Argument[1]", "Argument[-1]", "taint", "manual", "log4j-injection"]
7+
- ["org.apache.logging.log4j.message", "MapMessage", True, "putAll", "", "", "Argument[0].MapValue", "Argument[-1]", "taint", "manual", "log4j-injection"]
8+
- ["org.apache.logging.log4j.message", "MapMessage", True, "with", "", "", "Argument[-1]", "ReturnValue", "value", "manual", "log4j-injection"]
9+
- ["org.apache.logging.log4j.message", "MapMessage", True, "with", "", "", "Argument[1]", "Argument[-1]", "taint", "manual", "log4j-injection"]

0 commit comments

Comments
 (0)