Skip to content

Commit

Permalink
test(codeql): add known security issue
Browse files Browse the repository at this point in the history
  • Loading branch information
@joaquinfelici
joaquinfelici committed Oct 17, 2024
1 parent 09e84af commit 88bd3e4
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions .../main/java/org/camunda/bpm/container/impl/deployment/AbstractParseBpmPlatformXmlStep.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -215,6 +215,18 @@ public URL lookupBpmPlatformXml() {
return fileLocation;
}

public URL testMethod(String url) throws MalformedURLException {
Pattern pattern = Pattern.compile("^(/|[A-z]://?|[A-z]:\\\\).*[/|\\\\]bpm-platform\\.xml$");

Check warning

Code scanning / CodeQL

Overly permissive regular expression range Medium

Suspicious character range that is equivalent to [A-Z\[\]^_`a-z].

Check warning

Code scanning / CodeQL

Overly permissive regular expression range Medium

Suspicious character range that is equivalent to [A-Z\[\]^_`a-z].
Matcher fileMatcher = pattern.matcher(url);
if (fileMatcher.matches()) {
File location = new File(url);
if (location.isAbsolute() && location.exists()) {
return location.toURI().toURL();
}
}
return null;
}

public abstract URL getBpmPlatformXmlStream(DeploymentOperation operationContext);

}

0 comments on commit 88bd3e4

Please sign in to comment.