How to make sure that CVE-2016-1000027 does not affect your application

In this blog post, I’ll talk about detecting unsafe Spring Exporters with a CodeQL query. First, I’ll describe the issue that received CVE-2016-1000027. Next, I’ll show what a vulnerable code looks like and how the issue can be mitigated in an application. Then, I’ll describe how the CodeQL query works. In addition, I’ll show a couple of vulnerabilities that have been found by the query.

Photo by Mike Kenneally on Unsplash

What is a Spring exporter?

The Spring Framework provides classes for exporting a service bean as an endpoint. Service exporters read data from an incoming request and then pass the data to the underlying bean. …


How to detect JEXL injections with CodeQL

Cup of coffee
Cup of coffee
Photo by Kozjat on Unsplash.

In this article, I’ll discuss a CodeQL query for detecting JEXL Expression Language injection vulnerabilities.

First, I’ll give a brief overview of expression languages in general and JEXL in particular. I’ll also explain what Expression Language injection is and how to prevent it. Then, I’ll describe how the CodeQL query works. In addition, I’ll show a few vulnerabilities that have been found by the query.

What Is Expression Language?

Expression Language (EL) is a general-purpose programming language mostly used for embedding and evaluating expressions at runtime. Most often, ELs are interpreted languages. In other words, there is an interpreter that prepares an execution context…


A photoresistor or a light-dependent resistor (LDR) is a resistor that changes its value (resistance) depending on light intensity. More precisely, when light falls upon it, the resistance decreases. It is normally used as a light or dark detector. For example, it may be used in a circuit that turns lights in a room on when it gets dark. Let’s see how we use a photoresistor with ESP32 and MicroPython.

ESP32 and photoresistor
ESP32 and photoresistor
by Alena Penkova

Circuit for photoresistor and ESP32


In the previous posts, I described a simple weather station that measures temperature and humidity and sends the measurements to a Google sheet. The system is supposed to be used at home. Therefore, one of the next possible improvements can be measuring air quality in a room. That can be done, for example, by adding an MH-Z19B sensor for measuring CO2 level. We’ll use again a ESP32 board and MicroPython.

Measuring CO2 with MH-Z19B sensor on ESP32
Measuring CO2 with MH-Z19B sensor on ESP32

Preparation

The device is based on a simple weather station that I described in the following two posts:


New switch expressions, friendly NPEs and more

Photo by Yogesh Pedamkar on Unsplash

Java 14 is released on March 17th, 2020. Let’s take a look at what is inside, and what makes new Java different from the older versions. Here is an overview of the major updates:

  • Switch Expressions
  • Helpful NullPointerExceptions
  • Packaging Tool (Incubator)
  • Language preview features: Pattern Matching for instanceof, Records, Text Blocks
  • Garbage collection: ZGC on macOS and Windows, NUMA-Aware Memory Allocation for G1, Remove the Concurrent Mark Sweep (CMS) Garbage Collector, Deprecate the ParallelScavenge + SerialOld GC Combination,
  • Removal and deprecation: Deprecate the Solaris and SPARC Ports, Remove the Pack200 Tools and API
  • Other: Foreign-Memory Access API (Incubator), Non-Volatile Mapped…


With many examples

Photo by Karim MANJRA on Unsplash

Java 14 is going to be released on March 17, 2020. The new version of Java contains an interesting update to the Java language: new switch expressions. Let’s see how the new switch expressions can be used, what kind of advantages they offer, and what can potentially go wrong. In the end, we’ll tackle a tricky question about switch expressions.

The Classic ‘Switch’ Statement

The current design of the switch statement in Java follows languages such as C and C++. It works only as a statement and supports fall-through semantics by default. Here’s an example of the classic switch statement with an enum:


16 major enhancements, 2400 bug fixes, and more

Photo by Fab Lentz on Unsplash

Java 14 is going to be released on March 17, 2020. Besides ~2,400 bug fixes and small enhancements, the new version of Java contains 16 major enhancements, also called JEPs (Java Enhancement Proposals).

Let’s take a closer look at the major updates in Java 14: new switch expressions, better NullPointerExceptions, improvements in garbage collection, JFR event streaming, and more.


Some time ago I wrote about unsafe deserialization and DoS vulnerabilities I’ve discovered in Apache Olingo. This post describes one more issue in the library. This time, it’s a little flaw in the Olingo client which may allow sending some HTTP requests to arbitrary URLs. The issue has been fixed in the 4.7.1 release.

In case you don’t know, Apache Olingo is a Java library that implements the Open Data Protocol (OData). This protocol allows the creation and consumption of queryable and interoperable RESTful APIs in a simple way.

Originally published at https://blog.gypsyengineer.com

The issue

The OData protocol runs over HTTP. Apache…


Some time ago I wrote about one security issue which I found in the library. This post describes another little vulnerability in Apache Olingo. The issue has been fixed in the 4.7.0 release as well.

By the way, Apache Olingo is a Java library that implements the Open Data Protocol (OData). This protocol allows the creation and consumption of queryable and interoperable RESTful APIs in a simple way.

(Originally published at https://blog.gypsyengineer.com)

The issue

Apache Olingo has the AbstractService class which is part of the public API. According to the Javadoc, the class is an entry point for the proxy mode. It…


Apache Olingo is a Java library that implements the Open Data Protocol (OData). This protocol allows the creation and consumption of queryable and interoperable RESTful APIs in a simple way.

This post describes a little vulnerability that I recently discovered in Apache Olingo. The issue was fixed in the 4.7.0 release.

(Originally published at https://blog.gypsyengineer.com)

The issue

OData protocol runs over HTTP. Apache Olingo implements an OData client. In particular, it offers the AsyncRequestWrapperImpl class which sends a request to an OData server and then handles a response. When a client asks a server to create a new record, the server may…

Artem Smotrakov

I write about Java, security, electronics and DIY

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store