test(codeql): add known security issue #4724
...src/main/java/org/camunda/bpm/container/impl/deployment/AbstractParseBpmPlatformXmlStep.java
@@ -215,6 +215,18 @@ | |||
return fileLocation; | |||
} | |||
|
|||
public URL testMethod(String url) throws MalformedURLException { | |||
Pattern pattern = Pattern.compile("^(/|[A-z]://?|A-Za-z]:\\\\).*[/|\\\\]bpm-platform\\.xml$"); |
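Review bot: the `Pattern.compile` on the added line has two defects beyond the CodeQL alert's wording. The class `[A-z]` spans ASCII 65 to 122 and therefore also matches the six non-letters between `Z` and `a` (`[`, `\`, `]`, `^`, `_`, `` ` ``), so a one-character "scheme" such as `_://` is accepted; `[A-Za-z]` is the intended class. The third alternative `A-Za-z]:\\\\` is missing its opening `[`, so it matches the literal text `A-Za-z]:\` rather than a drive letter, and an ordinary `C:\...` location is rejected by it; the intended form is `[A-Za-z]:\\\\`. Since the description says this is deliberate test input for a known finding, a code comment on `testMethod` stating that should be added so the method is not mistaken for production path validation. Note also that `|` inside `[/|\\\\]` is a literal character, not an alternation, so `|bpm-platform.xml` satisfies the tail.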
Check warning: Code scanning / CodeQL: Overly permissive regular expression range (Medium)

Copilot Autofix AI, 2 months ago:
To fix the problem, we need to correct the regular expression to match only the intended characters. Specifically, we should replace the overly permissive range `A-z` with the correct ranges for uppercase and lowercase letters, which are `A-Z` and `a-z`, respectively.

- General fix: Replace the `A-z` range with `A-Za-z` to ensure only alphabetic characters are matched.
- Detailed fix: Modify the regular expression on line 219 in the `testMethod` to use `A-Za-z` instead of `A-z`.
- Specific changes: Update the `Pattern.compile` call in the `testMethod` to use the corrected character range.
- Requirements: No additional methods, imports, or definitions are needed to implement this change.
@@ -218,3 +218,3 @@ | ||
public URL testMethod(String url) throws MalformedURLException { | ||
Pattern pattern = Pattern.compile("^(/|[A-z]://?|A-Za-z]:\\\\).*[/|\\\\]bpm-platform\\.xml$"); | ||
Pattern pattern = Pattern.compile("^(/|[A-Za-z]://?|[A-Za-z]:\\\\).*[/|\\\\]bpm-platform\\.xml$"); | ||
Matcher fileMatcher = pattern.matcher(url); |
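Review bot: the suggested line changes more than the alert covers: besides replacing `[A-z]` with `[A-Za-z]`, it inserts the missing `[` before the second `A-Za-z]`, turning a literal-text alternative into a drive-letter match, which alters the set of accepted locations and should be stated in the fix description rather than applied silently. The tail class `[/|\\\\]` is left untouched, so `|` still matches as a literal separator before `bpm-platform.xml`; if only `/` and `\` are meant, the class should be `[/\\\\]`.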
Related to https://github.com/camunda/team-automation-platform/issues/206
Warning: Only for testing
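Both defects visible in the diff above, as an added demonstration that is not part of this PR or the Camunda code base: the Java pattern is translated into a Python raw string (the Java source `\\\\` becomes the regex `\\`; ASCII range classes behave the same in java.util.regex and Python's re), and the sample locations are constructed.

```python
import re

# The Java literal "^(/|[A-z]://?|A-Za-z]:\\\\).*[/|\\\\]bpm-platform\\.xml$" unescapes to
# the regex below; as a Python raw string the class and anchor semantics are unchanged.
PERMISSIVE = re.compile(r"^(/|[A-z]://?|A-Za-z]:\\).*[/|\\]bpm-platform\.xml$")

# The autofix's line: [A-z] narrowed to [A-Za-z] and the missing '[' restored.
CORRECTED = re.compile(r"^(/|[A-Za-z]://?|[A-Za-z]:\\).*[/|\\]bpm-platform\.xml$")


def non_letters_in_range(lo="A", hi="z"):
    """Characters that a range class [lo-hi] matches although they are not letters."""
    return "".join(c for c in map(chr, range(ord(lo), ord(hi) + 1)) if not c.isalpha())


def accepted_by(pattern, candidates):
    """Subset of candidates the anchored pattern accepts, in input order."""
    return [c for c in candidates if pattern.match(c)]


# Constructed sample locations (not taken from the project).
SAMPLES = [
    "/opt/camunda/conf/bpm-platform.xml",     # absolute POSIX path
    "C:/camunda/conf/bpm-platform.xml",       # drive letter with forward slash
    "C:\\camunda\\conf\\bpm-platform.xml",    # drive letter with backslashes
    "_://host/bpm-platform.xml",              # '_' sits between 'Z' and 'a' in ASCII
    "A-Za-z]:\\conf\\bpm-platform.xml",       # literal text the unbracketed alternative wants
    "/opt|bpm-platform.xml",                  # '|' is literal inside [/|\\], not alternation
]

if __name__ == "__main__":
    print("non-letters matched by [A-z]:", non_letters_in_range())
    for name, pattern in (("permissive", PERMISSIVE), ("corrected", CORRECTED)):
        print(name, "accepts:")
        for location in accepted_by(pattern, SAMPLES):
            print("   ", location)
```

The permissive pattern accepts the `_://` location and the literal `A-Za-z]:\` text while rejecting a plain `C:\` path; the corrected pattern inverts all three, but both still accept `|` as the separator before the file name.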