GLAS: Certain rules don't work on JSPs but work on Java files
TODO identified in this discussion:
orm.jsp: ideally should be detected by sqli
- Vulnerabilities in this JSP are not detected by the engine, but when it is converted to a Java file these vulnerabilities are detected. Possible engine issue.
Note that orm.java is detected by 2 rules but orm.jsp is not, despite being programmatically identical.
Relevant rules:
- java-hibernate-sqli-taint
- java-lang-xss-stored-taint
(Refer to the revised /injection folder in this branch, with added scenarios of orm.jsp: orm.jsp 1-5, with added import statements, modified code structure, etc.)