test/query-tests/security/CWE-829/semmle/tests
@@ -25,8 +25,7 @@ private class DeclaredRepository extends PomElement {
2525 string getUrl ( ) { result = getAChild ( "url" ) .( PomElement ) .getValue ( ) }
2626
2727 predicate isInsecureRepositoryUsage ( ) {
28- getUrl ( ) .matches ( "http://%" ) or
29- getUrl ( ) .matches ( "ftp://%" )
28+ getUrl ( ) .regexpMatch ( "(?i)^(http|ftp)://(?!localhost[:/]).*" )
3029 }
3130}
3231
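Review bot: the negative lookahead `(?!localhost[:/])` in the new `regexpMatch` only exempts `localhost` when it is immediately followed by `:` or `/`, so a bare `http://localhost` (no port, no path) would still be reported while `http://localhost/` would not; if the intent is to exempt the loopback host regardless of form, consider `(?!localhost(?:[:/]|$))`. In the same line, the exemption is spelled out only for the name `localhost`, so `http://127.0.0.1/...` and `http://[::1]/...` remain flagged; either is acceptable, but the chosen behaviour should be documented in the query's help text alongside the existing http/ftp description, and the single-line regex would read more clearly with a short comment stating that the `(?i)` flag makes both the scheme and the host check case-insensitive.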
33| insecure-pom.xml:31:9:36:30 | snapshotRepository | Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository http://localhost.example |
44| insecure-pom.xml:39:9:44:22 | repository | Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository http://insecure-repository.example |
55| insecure-pom.xml:47:9:52:28 | pluginRepository | Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository http://insecure-repository.example |
6- | secure-pom.xml:31:9:36:30 | snapshotRepository | Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository http://localhost/snaphots |
7- | secure-pom.xml:37:9:42:30 | snapshotRepository | Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository http://localhost:82 |
8- | secure-pom.xml:51:9:55:22 | repository | Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository http://localhost:${deploy.webserver.port}/repo |
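Review bot: the expected output drops the three `secure-pom.xml` results (`http://localhost/snaphots`, `http://localhost:82`, `http://localhost:${deploy.webserver.port}/repo`) while keeping `http://localhost.example` in `insecure-pom.xml`, which is the right set for the new lookahead, but the test inputs do not cover the boundary cases the regex decides on: there is no case for a bare `http://localhost` without port or path, and none for `HTTP://LOCALHOST/...` to pin down the `(?i)` behaviour. Adding one of each to the POM fixtures (with the corresponding `.expected` line, or its absence) would make the intended semantics of the exemption explicit in the tests rather than only in the regex.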