Enhance sast-rule java/inject/rule-FileDisclosure.yml
Problem
- Remove org.apache.struts.action.ActionForward patterns because it is Struts 1, which was EOL'd in 2008.
- Split the rules into two files: RequestDispatcher and org.springframework.web.servlet
  - rule-FileDisclosure-RequestDispatcher: RequestDispatcher can access everything in the web context
  - rule-FileDisclosure-SpringFramework: org.springframework.web.servlet.ModelAndView can only access jsp files
- Fix descriptions for each rule file
- Fix mappings
Solution
Follow the enhance rule checklist.
Edited by Isaac Dawson