super-jacoco
super-jacoco copied to clipboard
didi
2024-07-15 09:59:55,270 DEBUG (BaseJdbcLogger.java:181)- ==> Preparing: UPDATE diff_coverage_report SET `request_status`=?, `err_msg`=?, `line_coverage`=?, `branch_coverage`=?, `report_url`=?, `diffmethod`=?, `log_file`=?, `now_local_path`=?, `update_time`=NOW() WHERE job_record_uuid=? 2024-07-15 09:59:55,270 DEBUG (BaseJdbcLogger.java:181)- ==> Preparing: UPDATE diff_coverage_report SET `request_status`=?,...
http://127.0.0.1:8899/cov/triggerEnvCov { "uuid": "uuid", "type": 2, // 1 全量; 2 增量 "gitUrl": "xxxxxx.git", "subModule": "", "baseVersion": "master", "nowVersion": "dev", "address": "127.0.0.1", "port": "18513" } http://127.0.0.1:8899/cov/getEnvCoverResult?uuid=uuid { "code": 200, "msg": "success",...
When accessing the getLocalCoverResult Interface with special request, unauthorized attackers can execute any command on the target system. ### Code Analyzing 1) The function getEnvLocalCoverResult in file CodeCovController.java handles the...
When accessing the triggerUnitCover Interface with special request, unauthorized attackers can execute any command on the target system. Attacker can inject command in the parameter uuid. ### Proof of concept:...
When accessing the triggerEnvCov Interface with special request, unauthorized attackers can execute any command on the target system. Attacker can inject command in the parameter uuid. ### Proof of concept...