Using QL to find a remote code execution vulnerability in Apache Struts (opens in new tab)

(lgtm.com)

1 pointsmossity8y ago1 comments

1 comments

Reading about CVE-2017-9805 it was really interesting to learn that the company that discovered it was using a Datalog-like language in order to query Java code for vulnerability patterns.

https://en.wikipedia.org/wiki/Semmle

j / k navigate · click thread line to collapse

Using QL to find a remote code execution vulnerability in Apache Struts (opens in new tab)

(lgtm.com)

1 pointsmossity8y ago1 comments

1 comments

mossityOP8y ago

Reading about CVE-2017-9805 it was really interesting to learn that the company that discovered it was using a Datalog-like language in order to query Java code for vulnerability patterns.

https://en.wikipedia.org/wiki/Semmle

j / k navigate · click thread line to collapse