github / securitylab

Resources related to GitHub Security Lab

Home Page: https://securitylab.github.com

[Kotlin]: Add support for Ktor framework

am0o0 opened this issue

Query PR

github/codeql#14959

Language

Java

CVE(s) ID list

WIP

CWE

No response

Report

I tried to support the whole framework, both the client side and the server side.
The scope of SSRF, user-controllable sources, XSS, unsafe LDAP, and sensitive APIs (hard-coded secret) has been extended by this submission. This is the biggest and most used web framework written in Kotlin, and I hope it is a useful extension for all.

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

  • Yes
  • No

Blog post link

No response

Closing upon request from @am0o0

Your submission is now in status Closed.

For information, the evaluation workflow is the following:
Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed