Skip to content

Latest commit

 

History

History
7 lines (5 loc) · 635 Bytes

File metadata and controls

7 lines (5 loc) · 635 Bytes

9.2.1

Minor Analysis Improvements

  • Regular expression checks via annotation with @javax.validation.constraints.Pattern are now recognized as sanitizers for java/path-injection.
  • Added summary and LLM-generated source and sink models for org.apache.poi.
  • The first argument of the uri method of WebClient$UriSpec in org.springframework.web.reactive.function.client is now considered a request forgery sink. Previously only the first arguments of the WebClient.create and WebClient$Builder.baseUrl methods were considered. This may lead to more alerts for the query java/ssrf (Server-side request forgery).