add .jar and .war to the list of sensitive files for js/insecure-download

erik-krogh · erik-krogh · commit e8db624e749a · 2020-06-15T16:48:07.000+02:00
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/InsecureDownloadCustomizations.qll b/javascript/ql/src/semmle/javascript/security/dataflow/InsecureDownloadCustomizations.qll
@@ -53,7 +53,7 @@ module InsecureDownload {
   string unsafeExtension() {
     result =
       ["exe", "dmg", "pkg", "tar.gz", "zip", "sh", "bat", "cmd", "app", "apk", "msi", "dmg",
-          "tar.gz", "zip", "js", "py"]
+          "tar.gz", "zip", "js", "py", "jar", "war"]
   }
 
   /**

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ module InsecureDownload {`
`53`	`53`	`string unsafeExtension() {`
`54`	`54`	`result =`
`55`	`55`	`["exe", "dmg", "pkg", "tar.gz", "zip", "sh", "bat", "cmd", "app", "apk", "msi", "dmg",`
`56`		`- "tar.gz", "zip", "js", "py"]`
	`56`	`+ "tar.gz", "zip", "js", "py", "jar", "war"]`
`57`	`57`	`}`
`58`	`58`
`59`	`59`	`/**`