Add support for Tomcat and Jakarta Expression Language Injection Bug Detector.

author: henryrneh <henryharry93@gmail.com> 2022-08-11 16:35:49 +0200
committer: Fabian Meumertzheim <fabian@meumertzhe.im> 2022-08-13 19:42:24 +0200
commit: 9076da807d9990a7806836fa5666bc43fb5270ae (patch)
tree: 01a0900e9bf965aacba5c64c986f84b075b32862 /sanitizers
parent: 88f404c2021efac34adcac331716f4dbe618492c (diff)
download: jazzer-api-9076da807d9990a7806836fa5666bc43fb5270ae.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/ExpressionLanguageInjection.kt b/sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/ExpressionLanguageInjection.kt
index 77675990..1dc1d5f0 100644
--- a/sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/ExpressionLanguageInjection.kt
+++ b/sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/ExpressionLanguageInjection.kt
@@ -44,6 +44,16 @@ object ExpressionLanguageInjection {
             targetClassName = "javax.el.ExpressionFactory",
             targetMethod = "createMethodExpression",
         ),
+        MethodHook(
+            type = HookType.BEFORE,
+            targetClassName = "jakarta.el.ExpressionFactory",
+            targetMethod = "createValueExpression",
+        ),
+        MethodHook(
+            type = HookType.BEFORE,
+            targetClassName = "jakarta.el.ExpressionFactory",
+            targetMethod = "createMethodExpression",
+        ),
     )
     @JvmStatic
     fun hookElExpressionFactory(
author	henryrneh <henryharry93@gmail.com>	2022-08-11 16:35:49 +0200
committer	Fabian Meumertzheim <fabian@meumertzhe.im>	2022-08-13 19:42:24 +0200
commit	9076da807d9990a7806836fa5666bc43fb5270ae (patch)
tree	01a0900e9bf965aacba5c64c986f84b075b32862 /sanitizers
parent	88f404c2021efac34adcac331716f4dbe618492c (diff)
download	jazzer-api-9076da807d9990a7806836fa5666bc43fb5270ae.tar.gz