SonarQube / SONAR-14610

Improve Security analysis for JS (Code Inj, OS Command, SSRF, OpenRedirect), PHP (Symfony) + Custom Taint Config on Server-Side

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 8.8
    • Component/s: None
    • Edition:
      Developer
    • Production Notes:
      None

      Description

      The JS Security Engine now supports:

      • Syntaxes:
        • Arrays
        • Promises and async/await
        • Ternary Operators
        • Template Strings
      • Rules:
        • Code Injection
        • OS Command Injection
        • SSRF
        • Open Redirect
      • Modules (i.e. cross-file analysis)

      The PHP Security Engine now supports the Symfony routing system and its @Route annotation.

      The Taint Analyzer can now be configured on the server side, which makes it easier to share a custom configuration across multiple projects.


              People

              Assignee:
              wouter.admiraal Wouter Admiraal
              Reporter:
              sonarqube.tech SonarQube Technical user