Skip to content
Navigation Menu
Toggle navigation
Sign in
Appearance settings
Platform
AI CODE CREATION
GitHub Copilot
Write better code with AI
GitHub Copilot app
Direct agents from issue to merge
MCP Registry
New
Integrate external tools
DEVELOPER WORKFLOWS
Actions
Automate any workflow
Codespaces
Instant dev environments
Issues
Plan and track work
Code Review
Manage code changes
APPLICATION SECURITY
GitHub Advanced Security
Find and fix vulnerabilities
Code security
Secure your code as you build
Secret protection
Stop leaks before they start
EXPLORE
Why GitHub
Documentation
Blog
Changelog
Marketplace
View all features
Solutions
BY COMPANY SIZE
Enterprises
Small and medium teams
Startups
Nonprofits
BY USE CASE
App Modernization
DevSecOps
DevOps
CI/CD
View all use cases
BY INDUSTRY
Healthcare
Financial services
Manufacturing
Government
View all industries
View all solutions
Resources
EXPLORE BY TOPIC
AI
Software Development
DevOps
Security
View all topics
EXPLORE BY TYPE
Customer stories
Events & webinars
Ebooks & reports
Business insights
GitHub Skills
SUPPORT & SERVICES
Documentation
Customer support
Community forum
Trust center
Partners
View all resources
Open Source
COMMUNITY
GitHub Sponsors
Fund open source developers
PROGRAMS
Security Lab
Maintainer Community
Accelerator
GitHub Stars
Archive Program
REPOSITORIES
Topics
Trending
Collections
Enterprise
ENTERPRISE SOLUTIONS
Enterprise platform
AI-powered developer platform
AVAILABLE ADD-ONS
GitHub Advanced Security
Enterprise-grade security features
Copilot for Business
Enterprise-grade AI features
Premium Support
Enterprise-grade 24/7 support
Pricing
Search or jump to...
Search code, repositories, users, issues, pull requests...
Search syntax tips
Provide feedback
Saved searches
Use saved searches to filter your results more quickly
Sign in
Sign up
Appearance settings
Resetting focus
You signed in with another tab or window.
Reload
to refresh your session.
You signed out in another tab or window.
Reload
to refresh your session.
You switched accounts on another tab or window.
Reload
to refresh your session.
Dismiss alert
{{ message }}
Uh oh!
There was an error while loading.
Please reload this page
.
github
/
codeql
Public
Notifications
You must be signed in to change notification settings
Fork
2k
Star
9.8k
Code
Issues
985
Pull requests
417
Discussions
Actions
Projects
Models
Security and quality
0
Insights
Additional navigation options
Code
Issues
Pull requests
Discussions
Actions
Projects
Models
Security and quality
Insights
Java: Promote Server-side template injection from experimental
#10352
Merged
atorralba
merged 14 commits into
github:main
github/codeql:main
from
atorralba:atorralba/promote-template-injection
atorralba/codeql:atorralba/promote-template-injection
Copy head branch name to clipboard
Sep 20, 2022
Conversation
Commits
14
(14)
Checks
Files changed
Merged
Java: Promote Server-side template injection from experimental
#10352
atorralba
merged 14 commits into
github:main
github/codeql:main
from
atorralba:atorralba/promote-template-injection
atorralba/codeql:atorralba/promote-template-injection
Copy head branch name to clipboard
Commits
Commits on Sep 7, 2022
Move files from experimental
atorralba
committed
cd61bd0
Copy full SHA for cd61bd0
Commits on Sep 8, 2022
Generate stubs, adapt tests
atorralba
committed
c972809
Copy full SHA for c972809
Refactor TemplateInjection libraries
atorralba
committed
b68e666
Copy full SHA for b68e666
Use InlineExpectationsTest
atorralba
committed
e311155
Copy full SHA for e311155
Docs changes
atorralba
committed
fb13e7f
Copy full SHA for fb13e7f
Add change note
atorralba
committed
6413de6
Copy full SHA for 6413de6
Commits on Sep 9, 2022
Fix bad models, add tests for those
atorralba
committed
d748fb5
Copy full SHA for d748fb5
Commits on Sep 12, 2022
Tainting the velocity context isn't exploitable
atorralba
committed
409a123
Copy full SHA for 409a123
Add security-severity
atorralba
committed
dd6257c
Copy full SHA for dd6257c
Tainting the freemarker dataModel isn't exploitable
atorralba
committed
79a32f1
Copy full SHA for 79a32f1
Add thymeleaf steps
atorralba
committed
f412f43
Copy full SHA for f412f43
Commits on Sep 16, 2022
Address review comments re: flow states
atorralba
committed
3141fda
Copy full SHA for 3141fda
Commits on Sep 20, 2022
Apply suggestions from code review
Show description for 4997f36
atorralba
and
mchammer01
authored
4997f36
Copy full SHA for 4997f36
Update java/ql/src/Security/CWE/CWE-094/TemplateInjection.qhelp
Show description for 4af29e6
atorralba
and
mchammer01
authored
4af29e6
Copy full SHA for 4af29e6
You can’t perform that action at this time.