Can CodeQL add support for YAML configuration files parse on java lib?

[J0o1ey]

During the process of auditing a Java project using CodeQL

I discovered that Spring Boot 3 uses YAML as its configuration file format.

However, it seems that the CodeQL Java library does not currently support parsing YAML files.

Can CodeQL add support for YAML configuration files parse on java lib?

application.yml with vuln just like this(actuator endpoint * was exposed)

management:
  endpoints:
    web:
      exposure:
        include: "*"

[redsun82]

👋 @J0o1ey

Your suggestion makes a lot of sense, and it has already been raised internally as well. Technically this shouldn't be too hard, as we already do support parsing YAML in other languages. However, at this time we can't commit to a specific roadmap for this. But stay tuned, we will relate back to this issue when we start working on this!