apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-12 19:55:14 +02:00
Code Issues Projects Releases Packages Wiki Activity

Precision pass on auth and resource analysis (#63)

Browse source
This commit is contained in:
Eli Peter 2026-05-03 13:51:46 -04:00 committed by GitHub
parent 064801a3a4
commit c7c5e0f3a1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
62 changed files with 4248 additions and 138 deletions
Download patch file Download diff file Expand all files Collapse all files

15
src/labels/java.rs
View file

@ -103,6 +103,21 @@ pub static RULES: &[LabelRule] = &[
label: DataLabel::Sink(Cap::SQL_QUERY),
case_sensitive: false,
},
// JDBC `Statement.execute(String)` / `executeBatch` / `executeLargeUpdate`.
// Bare `execute` over-fires (Runnable.run callbacks, Executor.execute,
// HttpClient.execute), so these only fire via type-qualified resolution
// when the receiver's TypeKind is DatabaseConnection (the kind both
// `Connection` and `Statement` map to in `class_name_to_type_kind`).
// Surfaced by GHSA-h8cj-hpmg-636v (Appsmith FilterDataServiceCE.dropTable).
LabelRule {
matchers: &[
"DatabaseConnection.execute",
"DatabaseConnection.executeBatch",
"DatabaseConnection.executeLargeUpdate",
],
label: DataLabel::Sink(Cap::SQL_QUERY),
case_sensitive: true,
},
LabelRule {
matchers: &["Class.forName"],
label: DataLabel::Sink(Cap::CODE_EXEC),