From 0695b2a1fb5a0bb4cb5cb5974e5af62f4e613641 Mon Sep 17 00:00:00 2001
From: Artem Smotrakov
Date: Thu, 4 Mar 2021 20:27:39 +0100
Subject: [PATCH] Removed TaintedSpringRequestBody

---
 .../Security/CWE/CWE-094/JexlInjectionLib.qll | 15 +-
 .../security/CWE-094/Jexl3Injection.java | 2 +
 .../security/CWE-094/JexlInjection.expected | 216 +++++++++---------
 3 files changed, 111 insertions(+), 122 deletions(-)

diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjectionLib.qll b/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjectionLib.qll
index 73da7d11733..561d7e46ae9 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjectionLib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjectionLib.qll
@@ -10,10 +10,7 @@ import semmle.code.java.dataflow.TaintTracking
 class JexlInjectionConfig extends TaintTracking::Configuration {
 JexlInjectionConfig() { this = "JexlInjectionConfig" }
 
- override predicate isSource(DataFlow::Node source) {
- source instanceof TaintedSpringRequestBody or
- source instanceof RemoteFlowSource
- }
+ override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
 override predicate isSink(DataFlow::Node sink) { sink instanceof JexlEvaluationSink }
 
@@ -23,16 +20,6 @@ class JexlInjectionConfig extends TaintTracking::Configuration {
 }
 }
 
-/**
- * A data flow source for parameters that have
- * a Spring framework annotation indicating remote user input from servlets.
- */
-private class TaintedSpringRequestBody extends DataFlow::Node {
- TaintedSpringRequestBody() {
- this.asParameter().getAnAnnotation() instanceof SpringServletInputAnnotation
- }
-}
-
 /**
 * A sink for Expresssion Language injection vulnerabilities via Jexl,
 * i.e. method calls that run evaluation of a JEXL expression.
diff --git a/java/ql/test/experimental/query-tests/security/CWE-094/Jexl3Injection.java b/java/ql/test/experimental/query-tests/security/CWE-094/Jexl3Injection.java
index 67089546dd4..a23a8b35841 100644
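Review bot: The new `isSource` relies entirely on `RemoteFlowSource` to recognise Spring request-annotated parameters, and the accompanying test only keeps its results after `@Controller` is added to the test class, which suggests such parameters now count as sources only on a class the library recognises as a controller. A handler taking `@RequestBody`/`@PathVariable` on a class without `@Controller`/`@RestController` was covered by the removed `TaintedSpringRequestBody` and may now go unreported; that boundary is worth confirming against the Spring modelling behind `RemoteFlowSource` before the experimental query loses it silently. The one-line predicate also lost the intent that the old class's QLDoc carried; I would restore it above the override as `/** Holds if `source` is remote user input (including Spring controller request parameters modelled by `RemoteFlowSource`). */`. The `JexlInjectionConfig` class body continues outside this hunk.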
--- a/java/ql/test/experimental/query-tests/security/CWE-094/Jexl3Injection.java
+++ b/java/ql/test/experimental/query-tests/security/CWE-094/Jexl3Injection.java
@@ -6,10 +6,12 @@ import java.util.function.Consumer;
 import org.apache.commons.jexl3.*;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 
+@Controller
 public class Jexl3Injection {
 
 private static void runJexlExpression(String jexlExpr) {
diff --git a/java/ql/test/experimental/query-tests/security/CWE-094/JexlInjection.expected b/java/ql/test/experimental/query-tests/security/CWE-094/JexlInjection.expected
index 0d26f62d78f..8140928cf21 100644
--- a/java/ql/test/experimental/query-tests/security/CWE-094/JexlInjection.expected
+++ b/java/ql/test/experimental/query-tests/security/CWE-094/JexlInjection.expected
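Review bot: The added `@Controller` is load-bearing for this test but nothing says so; a future cleanup that drops an "unused" annotation would silently remove every `@RequestBody`/`@PathVariable` result from the expected output. I would annotate it in place: `// @Controller is required so the query's RemoteFlowSource model treats the request-annotated handler parameters below as remote input`. Since the query's Spring coverage now appears to hinge on the class being a controller, a second handler with the same `@RequestBody` signature on a non-annotated class would make that boundary explicit in the expected file rather than implicit. The `Jexl3Injection` class body continues outside this hunk.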
@@ -36,53 +36,53 @@ edges | Jexl2Injection.java:114:24:114:85 | jexlExpr : String | Jexl2Injection.java:114:24:114:85 | jexlExpr : String | | Jexl2Injection.java:118:24:118:86 | jexlExpr : String | Jexl2Injection.java:66:73:66:87 | jexlExpr : String | | Jexl2Injection.java:118:24:118:86 | jexlExpr : String | Jexl2Injection.java:118:24:118:86 | jexlExpr : String | -| Jexl3Injection.java:15:43:15:57 | jexlExpr : String | Jexl3Injection.java:19:9:19:9 | e | -| Jexl3Injection.java:22:55:22:69 | jexlExpr : String | Jexl3Injection.java:26:9:26:9 | e | -| Jexl3Injection.java:29:39:29:53 | jexlExpr : String | Jexl3Injection.java:33:9:33:14 | script | -| Jexl3Injection.java:36:50:36:64 | jexlExpr : String | Jexl3Injection.java:42:13:42:18 | script | -| Jexl3Injection.java:48:57:48:71 | jexlExpr : String | Jexl3Injection.java:50:40:50:47 | jexlExpr | -| Jexl3Injection.java:53:57:53:71 | jexlExpr : String | Jexl3Injection.java:55:40:55:47 | jexlExpr | -| Jexl3Injection.java:58:74:58:88 | jexlExpr : String | Jexl3Injection.java:61:9:61:39 | createExpression(...) | -| Jexl3Injection.java:64:73:64:87 | jexlExpr : String | Jexl3Injection.java:67:9:67:39 | createExpression(...) | -| Jexl3Injection.java:70:72:70:86 | jexlExpr : String | Jexl3Injection.java:73:9:73:37 | createTemplate(...) | -| Jexl3Injection.java:76:54:76:68 | jexlExpr : String | Jexl3Injection.java:82:13:82:13 | e | -| Jexl3Injection.java:92:25:92:47 | getInputStream(...) 
: InputStream | Jexl3Injection.java:94:31:94:38 | jexlExpr : String | -| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:102:24:102:56 | jexlExpr : String | -| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:106:24:106:68 | jexlExpr : String | -| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:110:24:110:52 | jexlExpr : String | -| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:114:24:114:63 | jexlExpr : String | -| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:118:24:118:70 | jexlExpr : String | -| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:122:24:122:70 | jexlExpr : String | -| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:126:24:126:87 | jexlExpr : String | -| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:130:24:130:86 | jexlExpr : String | -| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:134:24:134:85 | jexlExpr : String | -| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:138:24:138:67 | jexlExpr : String | -| Jexl3Injection.java:102:24:102:56 | jexlExpr : String | Jexl3Injection.java:15:43:15:57 | jexlExpr : String | -| Jexl3Injection.java:102:24:102:56 | jexlExpr : String | Jexl3Injection.java:102:24:102:56 | jexlExpr : String | -| Jexl3Injection.java:106:24:106:68 | jexlExpr : String | Jexl3Injection.java:22:55:22:69 | jexlExpr : String | -| Jexl3Injection.java:106:24:106:68 | jexlExpr : String | Jexl3Injection.java:106:24:106:68 | jexlExpr : String | -| Jexl3Injection.java:110:24:110:52 | jexlExpr : String | Jexl3Injection.java:29:39:29:53 | jexlExpr : String | -| Jexl3Injection.java:110:24:110:52 | jexlExpr : String | Jexl3Injection.java:110:24:110:52 | jexlExpr : String | -| Jexl3Injection.java:114:24:114:63 | jexlExpr : String | Jexl3Injection.java:36:50:36:64 | jexlExpr : String | -| 
Jexl3Injection.java:114:24:114:63 | jexlExpr : String | Jexl3Injection.java:114:24:114:63 | jexlExpr : String | -| Jexl3Injection.java:118:24:118:70 | jexlExpr : String | Jexl3Injection.java:48:57:48:71 | jexlExpr : String | -| Jexl3Injection.java:118:24:118:70 | jexlExpr : String | Jexl3Injection.java:118:24:118:70 | jexlExpr : String | -| Jexl3Injection.java:122:24:122:70 | jexlExpr : String | Jexl3Injection.java:53:57:53:71 | jexlExpr : String | -| Jexl3Injection.java:122:24:122:70 | jexlExpr : String | Jexl3Injection.java:122:24:122:70 | jexlExpr : String | -| Jexl3Injection.java:126:24:126:87 | jexlExpr : String | Jexl3Injection.java:58:74:58:88 | jexlExpr : String | -| Jexl3Injection.java:126:24:126:87 | jexlExpr : String | Jexl3Injection.java:126:24:126:87 | jexlExpr : String | -| Jexl3Injection.java:130:24:130:86 | jexlExpr : String | Jexl3Injection.java:64:73:64:87 | jexlExpr : String | -| Jexl3Injection.java:130:24:130:86 | jexlExpr : String | Jexl3Injection.java:130:24:130:86 | jexlExpr : String | -| Jexl3Injection.java:134:24:134:85 | jexlExpr : String | Jexl3Injection.java:70:72:70:86 | jexlExpr : String | -| Jexl3Injection.java:134:24:134:85 | jexlExpr : String | Jexl3Injection.java:134:24:134:85 | jexlExpr : String | -| Jexl3Injection.java:138:24:138:67 | jexlExpr : String | Jexl3Injection.java:76:54:76:68 | jexlExpr : String | -| Jexl3Injection.java:138:24:138:67 | jexlExpr : String | Jexl3Injection.java:138:24:138:67 | jexlExpr : String | -| Jexl3Injection.java:143:13:143:37 | expr : String | Jexl3Injection.java:145:27:145:30 | expr : String | -| Jexl3Injection.java:145:27:145:30 | expr : String | Jexl3Injection.java:15:43:15:57 | jexlExpr : String | -| Jexl3Injection.java:151:13:151:34 | data : Data | Jexl3Injection.java:154:27:154:30 | expr : String | -| Jexl3Injection.java:154:27:154:30 | expr : String | Jexl3Injection.java:15:43:15:57 | jexlExpr : String | -| Jexl3Injection.java:161:13:161:52 | customRequest : CustomRequest | 
Jexl3Injection.java:164:27:164:30 | expr : String | -| Jexl3Injection.java:164:27:164:30 | expr : String | Jexl3Injection.java:15:43:15:57 | jexlExpr : String | +| Jexl3Injection.java:17:43:17:57 | jexlExpr : String | Jexl3Injection.java:21:9:21:9 | e | +| Jexl3Injection.java:24:55:24:69 | jexlExpr : String | Jexl3Injection.java:28:9:28:9 | e | +| Jexl3Injection.java:31:39:31:53 | jexlExpr : String | Jexl3Injection.java:35:9:35:14 | script | +| Jexl3Injection.java:38:50:38:64 | jexlExpr : String | Jexl3Injection.java:44:13:44:18 | script | +| Jexl3Injection.java:50:57:50:71 | jexlExpr : String | Jexl3Injection.java:52:40:52:47 | jexlExpr | +| Jexl3Injection.java:55:57:55:71 | jexlExpr : String | Jexl3Injection.java:57:40:57:47 | jexlExpr | +| Jexl3Injection.java:60:74:60:88 | jexlExpr : String | Jexl3Injection.java:63:9:63:39 | createExpression(...) | +| Jexl3Injection.java:66:73:66:87 | jexlExpr : String | Jexl3Injection.java:69:9:69:39 | createExpression(...) | +| Jexl3Injection.java:72:72:72:86 | jexlExpr : String | Jexl3Injection.java:75:9:75:37 | createTemplate(...) | +| Jexl3Injection.java:78:54:78:68 | jexlExpr : String | Jexl3Injection.java:84:13:84:13 | e | +| Jexl3Injection.java:94:25:94:47 | getInputStream(...) 
: InputStream | Jexl3Injection.java:96:31:96:38 | jexlExpr : String | +| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:104:24:104:56 | jexlExpr : String | +| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:108:24:108:68 | jexlExpr : String | +| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:112:24:112:52 | jexlExpr : String | +| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:116:24:116:63 | jexlExpr : String | +| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:120:24:120:70 | jexlExpr : String | +| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:124:24:124:70 | jexlExpr : String | +| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:128:24:128:87 | jexlExpr : String | +| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:132:24:132:86 | jexlExpr : String | +| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:136:24:136:85 | jexlExpr : String | +| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:140:24:140:67 | jexlExpr : String | +| Jexl3Injection.java:104:24:104:56 | jexlExpr : String | Jexl3Injection.java:17:43:17:57 | jexlExpr : String | +| Jexl3Injection.java:104:24:104:56 | jexlExpr : String | Jexl3Injection.java:104:24:104:56 | jexlExpr : String | +| Jexl3Injection.java:108:24:108:68 | jexlExpr : String | Jexl3Injection.java:24:55:24:69 | jexlExpr : String | +| Jexl3Injection.java:108:24:108:68 | jexlExpr : String | Jexl3Injection.java:108:24:108:68 | jexlExpr : String | +| Jexl3Injection.java:112:24:112:52 | jexlExpr : String | Jexl3Injection.java:31:39:31:53 | jexlExpr : String | +| Jexl3Injection.java:112:24:112:52 | jexlExpr : String | Jexl3Injection.java:112:24:112:52 | jexlExpr : String | +| Jexl3Injection.java:116:24:116:63 | jexlExpr : String | Jexl3Injection.java:38:50:38:64 | jexlExpr : String | +| 
Jexl3Injection.java:116:24:116:63 | jexlExpr : String | Jexl3Injection.java:116:24:116:63 | jexlExpr : String | +| Jexl3Injection.java:120:24:120:70 | jexlExpr : String | Jexl3Injection.java:50:57:50:71 | jexlExpr : String | +| Jexl3Injection.java:120:24:120:70 | jexlExpr : String | Jexl3Injection.java:120:24:120:70 | jexlExpr : String | +| Jexl3Injection.java:124:24:124:70 | jexlExpr : String | Jexl3Injection.java:55:57:55:71 | jexlExpr : String | +| Jexl3Injection.java:124:24:124:70 | jexlExpr : String | Jexl3Injection.java:124:24:124:70 | jexlExpr : String | +| Jexl3Injection.java:128:24:128:87 | jexlExpr : String | Jexl3Injection.java:60:74:60:88 | jexlExpr : String | +| Jexl3Injection.java:128:24:128:87 | jexlExpr : String | Jexl3Injection.java:128:24:128:87 | jexlExpr : String | +| Jexl3Injection.java:132:24:132:86 | jexlExpr : String | Jexl3Injection.java:66:73:66:87 | jexlExpr : String | +| Jexl3Injection.java:132:24:132:86 | jexlExpr : String | Jexl3Injection.java:132:24:132:86 | jexlExpr : String | +| Jexl3Injection.java:136:24:136:85 | jexlExpr : String | Jexl3Injection.java:72:72:72:86 | jexlExpr : String | +| Jexl3Injection.java:136:24:136:85 | jexlExpr : String | Jexl3Injection.java:136:24:136:85 | jexlExpr : String | +| Jexl3Injection.java:140:24:140:67 | jexlExpr : String | Jexl3Injection.java:78:54:78:68 | jexlExpr : String | +| Jexl3Injection.java:140:24:140:67 | jexlExpr : String | Jexl3Injection.java:140:24:140:67 | jexlExpr : String | +| Jexl3Injection.java:145:13:145:37 | expr : String | Jexl3Injection.java:147:27:147:30 | expr : String | +| Jexl3Injection.java:147:27:147:30 | expr : String | Jexl3Injection.java:17:43:17:57 | jexlExpr : String | +| Jexl3Injection.java:153:13:153:34 | data : Data | Jexl3Injection.java:156:27:156:30 | expr : String | +| Jexl3Injection.java:156:27:156:30 | expr : String | Jexl3Injection.java:17:43:17:57 | jexlExpr : String | +| Jexl3Injection.java:163:13:163:52 | customRequest : CustomRequest | 
Jexl3Injection.java:166:27:166:30 | expr : String | +| Jexl3Injection.java:166:27:166:30 | expr : String | Jexl3Injection.java:17:43:17:57 | jexlExpr : String | nodes | Jexl2Injection.java:10:43:10:57 | jexlExpr : String | semmle.label | jexlExpr : String | | Jexl2Injection.java:14:9:14:9 | e | semmle.label | e | 
@@ -122,54 +122,54 @@ nodes | Jexl2Injection.java:114:24:114:85 | jexlExpr : String | semmle.label | jexlExpr : String | | Jexl2Injection.java:118:24:118:86 | jexlExpr : String | semmle.label | jexlExpr : String | | Jexl2Injection.java:118:24:118:86 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:15:43:15:57 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:19:9:19:9 | e | semmle.label | e | -| Jexl3Injection.java:22:55:22:69 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:26:9:26:9 | e | semmle.label | e | -| Jexl3Injection.java:29:39:29:53 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:33:9:33:14 | script | semmle.label | script | -| Jexl3Injection.java:36:50:36:64 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:42:13:42:18 | script | semmle.label | script | -| Jexl3Injection.java:48:57:48:71 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:50:40:50:47 | jexlExpr | semmle.label | jexlExpr | -| Jexl3Injection.java:53:57:53:71 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:55:40:55:47 | jexlExpr | semmle.label | jexlExpr | -| Jexl3Injection.java:58:74:58:88 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:61:9:61:39 | createExpression(...) | semmle.label | createExpression(...) | -| Jexl3Injection.java:64:73:64:87 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:67:9:67:39 | createExpression(...) | semmle.label | createExpression(...) | -| Jexl3Injection.java:70:72:70:86 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:73:9:73:37 | createTemplate(...) | semmle.label | createTemplate(...) 
| -| Jexl3Injection.java:76:54:76:68 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:82:13:82:13 | e | semmle.label | e | -| Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | -| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:102:24:102:56 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:102:24:102:56 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:106:24:106:68 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:106:24:106:68 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:110:24:110:52 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:110:24:110:52 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:114:24:114:63 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:114:24:114:63 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:118:24:118:70 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:118:24:118:70 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:122:24:122:70 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:122:24:122:70 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:126:24:126:87 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:126:24:126:87 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:130:24:130:86 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:130:24:130:86 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:134:24:134:85 | jexlExpr : String | semmle.label | jexlExpr : String | -| 
Jexl3Injection.java:134:24:134:85 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:138:24:138:67 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:138:24:138:67 | jexlExpr : String | semmle.label | jexlExpr : String | -| Jexl3Injection.java:143:13:143:37 | expr : String | semmle.label | expr : String | -| Jexl3Injection.java:145:27:145:30 | expr : String | semmle.label | expr : String | -| Jexl3Injection.java:151:13:151:34 | data : Data | semmle.label | data : Data | -| Jexl3Injection.java:154:27:154:30 | expr : String | semmle.label | expr : String | -| Jexl3Injection.java:161:13:161:52 | customRequest : CustomRequest | semmle.label | customRequest : CustomRequest | -| Jexl3Injection.java:164:27:164:30 | expr : String | semmle.label | expr : String | +| Jexl3Injection.java:17:43:17:57 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:21:9:21:9 | e | semmle.label | e | +| Jexl3Injection.java:24:55:24:69 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:28:9:28:9 | e | semmle.label | e | +| Jexl3Injection.java:31:39:31:53 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:35:9:35:14 | script | semmle.label | script | +| Jexl3Injection.java:38:50:38:64 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:44:13:44:18 | script | semmle.label | script | +| Jexl3Injection.java:50:57:50:71 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:52:40:52:47 | jexlExpr | semmle.label | jexlExpr | +| Jexl3Injection.java:55:57:55:71 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:57:40:57:47 | jexlExpr | semmle.label | jexlExpr | +| Jexl3Injection.java:60:74:60:88 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:63:9:63:39 | createExpression(...) | semmle.label | createExpression(...) 
| +| Jexl3Injection.java:66:73:66:87 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:69:9:69:39 | createExpression(...) | semmle.label | createExpression(...) | +| Jexl3Injection.java:72:72:72:86 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:75:9:75:37 | createTemplate(...) | semmle.label | createTemplate(...) | +| Jexl3Injection.java:78:54:78:68 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:84:13:84:13 | e | semmle.label | e | +| Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream | +| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:104:24:104:56 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:104:24:104:56 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:108:24:108:68 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:108:24:108:68 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:112:24:112:52 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:112:24:112:52 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:116:24:116:63 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:116:24:116:63 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:120:24:120:70 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:120:24:120:70 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:124:24:124:70 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:124:24:124:70 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:128:24:128:87 | jexlExpr : String | semmle.label | jexlExpr : String | +| 
Jexl3Injection.java:128:24:128:87 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:132:24:132:86 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:132:24:132:86 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:136:24:136:85 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:136:24:136:85 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:140:24:140:67 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:140:24:140:67 | jexlExpr : String | semmle.label | jexlExpr : String | +| Jexl3Injection.java:145:13:145:37 | expr : String | semmle.label | expr : String | +| Jexl3Injection.java:147:27:147:30 | expr : String | semmle.label | expr : String | +| Jexl3Injection.java:153:13:153:34 | data : Data | semmle.label | data : Data | +| Jexl3Injection.java:156:27:156:30 | expr : String | semmle.label | expr : String | +| Jexl3Injection.java:163:13:163:52 | customRequest : CustomRequest | semmle.label | customRequest : CustomRequest | +| Jexl3Injection.java:166:27:166:30 | expr : String | semmle.label | expr : String | #select | Jexl2Injection.java:14:9:14:9 | e | Jexl2Injection.java:76:25:76:47 | getInputStream(...) : InputStream | Jexl2Injection.java:14:9:14:9 | e | JEXL injection from $@. | Jexl2Injection.java:76:25:76:47 | getInputStream(...) | this user input | | Jexl2Injection.java:22:9:22:9 | e | Jexl2Injection.java:76:25:76:47 | getInputStream(...) : InputStream | Jexl2Injection.java:22:9:22:9 | e | JEXL injection from $@. | Jexl2Injection.java:76:25:76:47 | getInputStream(...) | this user input | 
@@ -180,16 +180,16 @@ nodes | Jexl2Injection.java:57:9:57:35 | parse(...) | Jexl2Injection.java:76:25:76:47 | getInputStream(...) : InputStream | Jexl2Injection.java:57:9:57:35 | parse(...) | JEXL injection from $@. | Jexl2Injection.java:76:25:76:47 | getInputStream(...) | this user input | | Jexl2Injection.java:63:9:63:35 | parse(...) | Jexl2Injection.java:76:25:76:47 | getInputStream(...) : InputStream | Jexl2Injection.java:63:9:63:35 | parse(...) | JEXL injection from $@. | Jexl2Injection.java:76:25:76:47 | getInputStream(...) | this user input | | Jexl2Injection.java:69:9:69:44 | createTemplate(...) | Jexl2Injection.java:76:25:76:47 | getInputStream(...) : InputStream | Jexl2Injection.java:69:9:69:44 | createTemplate(...) | JEXL injection from $@. | Jexl2Injection.java:76:25:76:47 | getInputStream(...) | this user input | -| Jexl3Injection.java:19:9:19:9 | e | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:19:9:19:9 | e | JEXL injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input | -| Jexl3Injection.java:19:9:19:9 | e | Jexl3Injection.java:143:13:143:37 | expr : String | Jexl3Injection.java:19:9:19:9 | e | JEXL injection from $@. | Jexl3Injection.java:143:13:143:37 | expr | this user input | -| Jexl3Injection.java:19:9:19:9 | e | Jexl3Injection.java:151:13:151:34 | data : Data | Jexl3Injection.java:19:9:19:9 | e | JEXL injection from $@. | Jexl3Injection.java:151:13:151:34 | data | this user input | -| Jexl3Injection.java:19:9:19:9 | e | Jexl3Injection.java:161:13:161:52 | customRequest : CustomRequest | Jexl3Injection.java:19:9:19:9 | e | JEXL injection from $@. | Jexl3Injection.java:161:13:161:52 | customRequest | this user input | -| Jexl3Injection.java:26:9:26:9 | e | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:26:9:26:9 | e | JEXL injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) 
| this user input | -| Jexl3Injection.java:33:9:33:14 | script | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:33:9:33:14 | script | JEXL injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input | -| Jexl3Injection.java:42:13:42:18 | script | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:42:13:42:18 | script | JEXL injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input | -| Jexl3Injection.java:50:40:50:47 | jexlExpr | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:50:40:50:47 | jexlExpr | JEXL injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input | -| Jexl3Injection.java:55:40:55:47 | jexlExpr | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:55:40:55:47 | jexlExpr | JEXL injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input | -| Jexl3Injection.java:61:9:61:39 | createExpression(...) | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:61:9:61:39 | createExpression(...) | JEXL injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input | -| Jexl3Injection.java:67:9:67:39 | createExpression(...) | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:67:9:67:39 | createExpression(...) | JEXL injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input | -| Jexl3Injection.java:73:9:73:37 | createTemplate(...) | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:73:9:73:37 | createTemplate(...) | JEXL injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) 
| this user input | -| Jexl3Injection.java:82:13:82:13 | e | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:82:13:82:13 | e | JEXL injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input | +| Jexl3Injection.java:21:9:21:9 | e | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:21:9:21:9 | e | JEXL injection from $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | this user input | +| Jexl3Injection.java:21:9:21:9 | e | Jexl3Injection.java:145:13:145:37 | expr : String | Jexl3Injection.java:21:9:21:9 | e | JEXL injection from $@. | Jexl3Injection.java:145:13:145:37 | expr | this user input | +| Jexl3Injection.java:21:9:21:9 | e | Jexl3Injection.java:153:13:153:34 | data : Data | Jexl3Injection.java:21:9:21:9 | e | JEXL injection from $@. | Jexl3Injection.java:153:13:153:34 | data | this user input | +| Jexl3Injection.java:21:9:21:9 | e | Jexl3Injection.java:163:13:163:52 | customRequest : CustomRequest | Jexl3Injection.java:21:9:21:9 | e | JEXL injection from $@. | Jexl3Injection.java:163:13:163:52 | customRequest | this user input | +| Jexl3Injection.java:28:9:28:9 | e | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:28:9:28:9 | e | JEXL injection from $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | this user input | +| Jexl3Injection.java:35:9:35:14 | script | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:35:9:35:14 | script | JEXL injection from $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | this user input | +| Jexl3Injection.java:44:13:44:18 | script | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:44:13:44:18 | script | JEXL injection from $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) 
| this user input | +| Jexl3Injection.java:52:40:52:47 | jexlExpr | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:52:40:52:47 | jexlExpr | JEXL injection from $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | this user input | +| Jexl3Injection.java:57:40:57:47 | jexlExpr | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:57:40:57:47 | jexlExpr | JEXL injection from $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | this user input | +| Jexl3Injection.java:63:9:63:39 | createExpression(...) | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:63:9:63:39 | createExpression(...) | JEXL injection from $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | this user input | +| Jexl3Injection.java:69:9:69:39 | createExpression(...) | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:69:9:69:39 | createExpression(...) | JEXL injection from $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | this user input | +| Jexl3Injection.java:75:9:75:37 | createTemplate(...) | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:75:9:75:37 | createTemplate(...) | JEXL injection from $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | this user input | +| Jexl3Injection.java:84:13:84:13 | e | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:84:13:84:13 | e | JEXL injection from $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | this user input |