Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / openrewrite/rewrite-java-security issues and pull requests
#88 - spelling: separator
Pull Request -
State: closed - Opened by jsoref about 1 year ago
#87 - Chore: Refactor to using `rewrite-analysis`
Pull Request -
State: closed - Opened by JLLeitschuh about 1 year ago
#86 - OpenRewrite 8.0 upgrade
Pull Request -
State: open - Opened by knutwannheden about 1 year ago
#85 - adjusted usages of UsesType for includeImplicit
Pull Request -
State: closed - Opened by nmck257 over 1 year ago
#84 - Fix SnakeYaml Test Failure
Pull Request -
State: closed - Opened by JLLeitschuh over 1 year ago
- 1 comment
#83 - `SecureSnakeYamlConstructorTest` fails due to `AST contains missing or invalid type information` error
Issue -
State: open - Opened by JLLeitschuh over 1 year ago
Labels: bug
#82 - fix: correct CsrfProtection recipe applicable test
Pull Request -
State: closed - Opened by kunli2 over 1 year ago
#81 - refactor: Update OWASP suppression date bounds
Pull Request -
State: closed - Opened by sjungling over 1 year ago
#80 - refactor: Common static analysis issues
Pull Request -
State: closed - Opened by timtebeek over 1 year ago
#79 - UseFilesCreateTempDirectory: Support Apache Commons IO
Pull Request -
State: closed - Opened by JLLeitschuh over 1 year ago
#78 - Recipe to upgrade / pin Jackson version depending on context
Issue -
State: open - Opened by timtebeek over 1 year ago
Labels: recipe
#77 - chore: Owasp suppression updates
Pull Request -
State: closed - Opened by kmccarp over 1 year ago
#76 - chore: Owasp dependency updates
Pull Request -
State: closed - Opened by kmccarp over 1 year ago
#75 - Upgrade Gradle wrapper to 7.6 and add checksum validation
Pull Request -
State: closed - Opened by timtebeek over 1 year ago
Labels: enhancement
#74 - build: update gradle wrapper to 7.6
Pull Request -
State: closed - Opened by yeikel over 1 year ago
- 4 comments
Labels: enhancement
#73 - Various Fixes & Test Addition
Pull Request -
State: closed - Opened by JLLeitschuh over 1 year ago
#72 - Configure Renovate
Pull Request -
State: closed - Opened by renovate[bot] over 1 year ago
- 1 comment
#71 - org.openrewrite.java.security.UseFilesCreateTempDirectory asserts
Issue -
State: open - Opened by gadams00 almost 2 years ago
- 1 comment
Labels: bug
#70 - SecureSnakeYamlConstructor: Increase Scope, decrease False Positives
Pull Request -
State: closed - Opened by JLLeitschuh over 1 year ago
#69 - fix: use `@Value` annotation to attempt to fix missing opt
Pull Request -
State: closed - Opened by sjungling over 1 year ago
Labels: bug
#68 - chore: update suppressions for new false positives
Pull Request -
State: closed - Opened by natedanner over 1 year ago
Labels: dependencies
#67 - Support source file filtering for SecureTempFileCreation
Pull Request -
State: closed - Opened by JLLeitschuh over 1 year ago
Labels: enhancement
#66 - Add missing language highlighting comments in ZipSlip Test
Pull Request -
State: closed - Opened by JLLeitschuh over 1 year ago
Labels: enhancement
#65 - Revert "chore: update jackson"
Pull Request -
State: closed - Opened by zieka over 1 year ago
Labels: dependencies
#64 - chore: update jackson
Pull Request -
State: closed - Opened by zieka over 1 year ago
Labels: dependencies
#63 - Detect secrets recipe
Pull Request -
State: closed - Opened by jkschneider over 1 year ago
Labels: recipe
#62 - Improve REDOS Recipe
Pull Request -
State: closed - Opened by JLLeitschuh over 1 year ago
- 2 comments
Labels: enhancement
#61 - `NoSuchMethodError: j.l.String o.o.j.t.Comment.printComment(o.o.Cursor)` after upgrade 1.16.0 -> 1.17.0
Issue -
State: closed - Opened by pzygielo over 1 year ago
- 3 comments
Labels: question
#60 - UseSecureRandom not changing a Random in unknown circumstance
Issue -
State: closed - Opened by moderne-meeseeks[bot] almost 2 years ago
Labels: bug
#59 - Add ReDOS Vulnerability Fix
Pull Request -
State: closed - Opened by JLLeitschuh almost 2 years ago
#58 - Control flow can not generate fake conditional when the for each iterable is of type J$Ternary
Issue -
State: open - Opened by JLLeitschuh almost 2 years ago
Labels: bug
#56 - Fix IOException not always generating correctly
Pull Request -
State: closed - Opened by JLLeitschuh almost 2 years ago
- 1 comment
Labels: bug
#55 - Zip Slip: Throw IOException where safe to do so
Pull Request -
State: closed - Opened by JLLeitschuh almost 2 years ago
Labels: bug
#52 - Fix some bugs in Partial Path and Zip Slip
Pull Request -
State: closed - Opened by JLLeitschuh almost 2 years ago
Labels: bug
#50 - Don't fix Partial Path Traversal if vuln is Zip Slip
Pull Request -
State: closed - Opened by JLLeitschuh almost 2 years ago
- 1 comment
Labels: bug
#49 - Fix Zip Partial Path before fixing Zip Slip
Pull Request -
State: closed - Opened by JLLeitschuh almost 2 years ago
- 1 comment
Labels: bug
#48 - Further Zip Slip Improvements
Pull Request -
State: closed - Opened by JLLeitschuh almost 2 years ago
Labels: enhancement
#47 - chore: update suppressions
Pull Request -
State: closed - Opened by sjungling almost 2 years ago
Labels: enhancement
#46 - Further improve Zip Slip fix with Partial Path Traversal
Pull Request -
State: closed - Opened by JLLeitschuh almost 2 years ago
- 1 comment
Labels: enhancement
#45 - Issue discovered with `src/main/java/gate/util/reporting/DocTimeReporter.java`
Issue -
State: closed - Opened by JLLeitschuh almost 2 years ago
Labels: bug
#44 - Issue discovered with `src/main/java/org/dtk/util/FileUtil.java`
Issue -
State: closed - Opened by JLLeitschuh almost 2 years ago
- 1 comment
Labels: bug
#43 - Further improvements to Zip Slip
Pull Request -
State: closed - Opened by JLLeitschuh almost 2 years ago
Labels: enhancement
#42 - Fix FileConstructorFixVisitor
Pull Request -
State: closed - Opened by JLLeitschuh almost 2 years ago
Labels: enhancement
#41 - Continued work on Zip Slip
Pull Request -
State: closed - Opened by JLLeitschuh almost 2 years ago
Labels: enhancement
#40 - Issue discovered with UseFilesCreateTempDirectory
Issue -
State: closed - Opened by kmccarp almost 2 years ago
- 1 comment
Labels: bug
#39 - Significantly improve performance of Partial Path Traversal
Pull Request -
State: closed - Opened by JLLeitschuh about 2 years ago
Labels: enhancement
#38 - Only run PartialPath when String#startsWith AND File#getCanonicalPath is present
Pull Request -
State: closed - Opened by JLLeitschuh about 2 years ago
Labels: enhancement
#37 - Fix Partial Path in context of try-catch around getCanonicalPath
Pull Request -
State: closed - Opened by JLLeitschuh about 2 years ago
#36 - Add test for getCanonicalPath in try block
Pull Request -
State: closed - Opened by JLLeitschuh about 2 years ago
Labels: enhancement
#35 - Improve the Partial Path Traversal Vulnerability Fix
Pull Request -
State: closed - Opened by JLLeitschuh about 2 years ago
Labels: bug
#34 - Use Files#createTempDirectory, Remove unnecessary statements in the block when removing the guard from a return statement
Issue -
State: closed - Opened by pway99 about 2 years ago
- 1 comment
Labels: bug
#33 - UseFilesCreateTempDirectory should remove unnecessary `assert(true)` statement.
Issue -
State: closed - Opened by pway99 about 2 years ago
- 1 comment
Labels: bug
#32 - Fix: Multiple Sources in Partial Path Traversal Vulnerability Fix
Pull Request -
State: closed - Opened by JLLeitschuh about 2 years ago
Labels: bug
#31 - chore: suppress security false positive for Spring Security Crypto
Pull Request -
State: closed - Opened by natedanner about 2 years ago
- 1 comment
Labels: dependencies
#30 - Fix DataFlow use after API breaking change + test new DataFlow
Pull Request -
State: closed - Opened by JLLeitschuh about 2 years ago
Labels: bug
#29 - refactor: Format Java code
Pull Request -
State: closed - Opened by sjungling about 2 years ago
- 1 comment
#28 - chore: address vulnerability reports
Pull Request -
State: closed - Opened by pway99 about 2 years ago
Labels: dependencies
#27 - Complete support for Data Flow support for the Partial Path Traversal fix
Pull Request -
State: closed - Opened by JLLeitschuh about 2 years ago
Labels: enhancement
#26 - Add Data Flow support for the Partial Path Traversal fix
Pull Request -
State: closed - Opened by JLLeitschuh about 2 years ago
Labels: enhancement
#25 - Add `startsWith(any(String))` support to partial-path-traversal fix
Pull Request -
State: closed - Opened by JLLeitschuh about 2 years ago
#24 - ZipSlip Fix Recipe
Pull Request -
State: closed - Opened by JLLeitschuh about 2 years ago
- 1 comment
Labels: recipe
#23 - Recipe: Partial Path Traversal Vulnerability
Pull Request -
State: closed - Opened by JLLeitschuh about 2 years ago
Labels: recipe
#22 - Simple comments and sanity assertions in temp dir logic
Pull Request -
State: closed - Opened by JLLeitschuh about 2 years ago
Labels: enhancement
#21 - Fix all source file line endings
Pull Request -
State: closed - Opened by JLLeitschuh about 2 years ago
Labels: bug
#20 - Fix bugs in `SecureTempFileCreation` & `UseFilesCreateTempDirectory`
Pull Request -
State: closed - Opened by JLLeitschuh about 2 years ago
- 2 comments
Labels: bug
#19 - Fix UseFilesCreateTempDirectory to support expressions in control statements
Pull Request -
State: closed - Opened by JLLeitschuh about 2 years ago
- 1 comment
#17 - UseFilesCreateTempDirectory replaces File#mkdir with Files#createTempDirectory when the file is expected to have a known path
Issue -
State: closed - Opened by pway99 over 2 years ago
Labels: bug
#16 - Prevent temp directory hijacking
Pull Request -
State: closed - Opened by pway99 over 2 years ago
- 1 comment
#15 - refactor: Format Java code
Pull Request -
State: closed - Opened by sjungling over 2 years ago
#14 - Temp file vulnerability remediation DRAFT
Pull Request -
State: closed - Opened by pway99 over 2 years ago
- 2 comments
Labels: enhancement
#13 - `UseFilesCreateTempDirectory` should convert `File#mkdir()` when the path is from `java.io.tmpdir`
Issue -
State: closed - Opened by pway99 over 2 years ago
Labels: enhancement
#12 - refactor: Format Java code
Pull Request -
State: closed - Opened by sjungling over 2 years ago
#11 - Move `UseFilesCreateTempDirectory` from `rewrite-java` to `rewrite-java-security`
Issue -
State: closed - Opened by pway99 over 2 years ago
#10 - Add Recipe(s) for mitigating Local Temp Directory Hijacking Vulnerabilities
Issue -
State: open - Opened by pway99 over 2 years ago
Labels: recipe
#9 - Issue discovered with `src/test/java/com/google/auto/common/OverridesTest.java`
Issue -
State: closed - Opened by JLLeitschuh over 2 years ago
Labels: bug
#8 - SecureTempFileCreation does not account for Temp File information disclosure vulnerabilities.
Issue -
State: open - Opened by JLLeitschuh over 2 years ago
- 2 comments
Labels: bug
#7 - Issue discovered with `distributedlog-core/src/main/java/com/twitter/distributedlog/LocalDLMEmulator.java`
Issue -
State: closed - Opened by JLLeitschuh over 2 years ago
- 6 comments
Labels: bug
#6 - ci: repository-backup workflow
Pull Request -
State: closed - Opened by aegershman over 2 years ago
- 1 comment
#5 - ci: dependency-check reusable workflow
Pull Request -
State: closed - Opened by aegershman over 2 years ago
- 1 comment
#4 - build: gradle wrapper 7.3.3
Pull Request -
State: closed - Opened by aegershman over 2 years ago
- 1 comment
#3 - ci: daily dependabot, no PRs, just staying vigilant
Pull Request -
State: closed - Opened by aegershman over 2 years ago
- 1 comment
#2 - chore(ci): bump styfle/cancel-workflow-action from 0.8.0 to 0.9.1
Pull Request -
State: closed - Opened by dependabot[bot] over 2 years ago
Labels: dependencies
#1 - Using unsafe Jackson deserialization configuration is security-sensitive
Issue -
State: open - Opened by jkschneider almost 3 years ago
- 3 comments
Labels: recipe