Eight libraries from the original #17 list that didn't make the first pass, plus celery and tera which came out of the coverage audit.

- [ ] `java/spring-security.toml` — auth framework for Spring; method-level @Secured, OAuth2 resource server, CSRF config
- [ ] `java/velocity.toml` — template engine; #set and $reference evaluation, CVE-2020-13936 class
- [ ] `java/dom4j.toml` — XML parser; SAXReader resolves external entities by default
- [ ] `java/jdom.toml` — XML parser; SAXBuilder resolves entities by default
- [ ] `php/laravel-sanctum.toml` — API token auth for Laravel; token scope bypass, SPA cookie auth misconfiguration
- [ ] `node/cross-spawn.toml` — process spawning; safer than child_process.exec but shell option exists
- [ ] `node/busboy.toml` — streaming file upload parser; filename from Content-Disposition is client-controlled
- [ ] `python/fabric.toml` — remote execution over SSH; Connection.run passes through shell
- [ ] `python/celery.toml` — task queue; uses pickle for task serialization by default, deserialization on consumer side. Detect via `celery` dependency. function:messaging + function:serialization taxonomy.
- [ ] `rust/tera.toml` — template engine; `|safe` filter bypasses escaping, no sandbox for template logic