In this article, I’ll discuss a CodeQL query for detecting JEXL Expression Language injection vulnerabilities.
First, I’ll give a brief overview of expression languages in general and JEXL in particular. I’ll also explain what Expression Language injection is and how to prevent it. Then, I’ll describe how the CodeQL query works. In addition, I’ll show a few vulnerabilities that have been found by the query.
…