Skip to content

[WIP] Java : Add support for detecting Template Injections in Java.#3353

Closed
ghost wants to merge 1 commit into
mainfrom
unknown repository
Closed

[WIP] Java : Add support for detecting Template Injections in Java.#3353
ghost wants to merge 1 commit into
mainfrom
unknown repository

Conversation

@ghost

@ghost ghost commented Apr 24, 2020

Copy link
Copy Markdown

This is a WIP. Please don't merge.

-- EDIT --
I have only included files for Velocity and Freemarker but I am trying to add Pebble too.

@pwntester

Copy link
Copy Markdown
Contributor

Hey @porcupineyhairs, it is great you are working on a SSTI query. I wrote this query that I used for some research but didnt get the time to make a proper PR. Since you are already working in this query you may want to consider the sinks in my query.

@ghost

ghost commented May 22, 2020

Copy link
Copy Markdown
Author

@pwntester Your query is definitely useful. I will include it with my PR and push the changes over the weekend.

@ghost

ghost commented May 25, 2020

Copy link
Copy Markdown
Author

@aschackmull @pwntester Does java have something like debstubber or I am to manually stub the dependencies?

@aschackmull

Copy link
Copy Markdown
Contributor

Not to my knowledge, unfortunately. So far, we've been adding stubs manually.

@adityasharad adityasharad changed the base branch from master to main August 14, 2020 18:34
@ghost ghost mentioned this pull request May 20, 2021
@ghost

ghost commented May 20, 2021

Copy link
Copy Markdown
Author

I am closing this as the main has moved during the time this was pending.

Instead I am have opened a new PR #5935 with the necessary changes.

@ghost ghost closed this May 20, 2021
@ghost ghost deleted the TemplateInjection branch May 20, 2021 20:50
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

3 participants