hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 01:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Removed TaintedSpringRequestBody

Browse Source
This commit is contained in:
Artem Smotrakov
2021-03-04 20:27:39 +01:00
parent c243f2f042
commit 0695b2a1fb
3 changed files with 111 additions and 122 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/test/experimental/query-tests/security/CWE-094/Jexl3Injection.java
View File

@@ -6,10 +6,12 @@ import java.util.function.Consumer;
import org.apache.commons.jexl3.*;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
@Controller
public class Jexl3Injection {
private static void runJexlExpression(String jexlExpr) {

216
java/ql/test/experimental/query-tests/security/CWE-094/JexlInjection.expected
View File

@@ -36,53 +36,53 @@ edges
| Jexl2Injection.java:114:24:114:85 | jexlExpr : String | Jexl2Injection.java:114:24:114:85 | jexlExpr : String |
| Jexl2Injection.java:118:24:118:86 | jexlExpr : String | Jexl2Injection.java:66:73:66:87 | jexlExpr : String |
| Jexl2Injection.java:118:24:118:86 | jexlExpr : String | Jexl2Injection.java:118:24:118:86 | jexlExpr : String |
| Jexl3Injection.java:15:43:15:57 | jexlExpr : String | Jexl3Injection.java:19:9:19:9 | e |
| Jexl3Injection.java:22:55:22:69 | jexlExpr : String | Jexl3Injection.java:26:9:26:9 | e |
| Jexl3Injection.java:29:39:29:53 | jexlExpr : String | Jexl3Injection.java:33:9:33:14 | script |
| Jexl3Injection.java:36:50:36:64 | jexlExpr : String | Jexl3Injection.java:42:13:42:18 | script |
| Jexl3Injection.java:48:57:48:71 | jexlExpr : String | Jexl3Injection.java:50:40:50:47 | jexlExpr |
| Jexl3Injection.java:53:57:53:71 | jexlExpr : String | Jexl3Injection.java:55:40:55:47 | jexlExpr |
| Jexl3Injection.java:58:74:58:88 | jexlExpr : String | Jexl3Injection.java:61:9:61:39 | createExpression(...) |
| Jexl3Injection.java:64:73:64:87 | jexlExpr : String | Jexl3Injection.java:67:9:67:39 | createExpression(...) |
| Jexl3Injection.java:70:72:70:86 | jexlExpr : String | Jexl3Injection.java:73:9:73:37 | createTemplate(...) |
| Jexl3Injection.java:76:54:76:68 | jexlExpr : String | Jexl3Injection.java:82:13:82:13 | e |
| Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:94:31:94:38 | jexlExpr : String |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:102:24:102:56 | jexlExpr : String |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:106:24:106:68 | jexlExpr : String |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:110:24:110:52 | jexlExpr : String |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:114:24:114:63 | jexlExpr : String |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:118:24:118:70 | jexlExpr : String |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:122:24:122:70 | jexlExpr : String |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:126:24:126:87 | jexlExpr : String |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:130:24:130:86 | jexlExpr : String |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:134:24:134:85 | jexlExpr : String |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:138:24:138:67 | jexlExpr : String |
| Jexl3Injection.java:102:24:102:56 | jexlExpr : String | Jexl3Injection.java:15:43:15:57 | jexlExpr : String |
| Jexl3Injection.java:102:24:102:56 | jexlExpr : String | Jexl3Injection.java:102:24:102:56 | jexlExpr : String |
| Jexl3Injection.java:106:24:106:68 | jexlExpr : String | Jexl3Injection.java:22:55:22:69 | jexlExpr : String |
| Jexl3Injection.java:106:24:106:68 | jexlExpr : String | Jexl3Injection.java:106:24:106:68 | jexlExpr : String |
| Jexl3Injection.java:110:24:110:52 | jexlExpr : String | Jexl3Injection.java:29:39:29:53 | jexlExpr : String |
| Jexl3Injection.java:110:24:110:52 | jexlExpr : String | Jexl3Injection.java:110:24:110:52 | jexlExpr : String |
| Jexl3Injection.java:114:24:114:63 | jexlExpr : String | Jexl3Injection.java:36:50:36:64 | jexlExpr : String |
| Jexl3Injection.java:114:24:114:63 | jexlExpr : String | Jexl3Injection.java:114:24:114:63 | jexlExpr : String |
| Jexl3Injection.java:118:24:118:70 | jexlExpr : String | Jexl3Injection.java:48:57:48:71 | jexlExpr : String |
| Jexl3Injection.java:118:24:118:70 | jexlExpr : String | Jexl3Injection.java:118:24:118:70 | jexlExpr : String |
| Jexl3Injection.java:122:24:122:70 | jexlExpr : String | Jexl3Injection.java:53:57:53:71 | jexlExpr : String |
| Jexl3Injection.java:122:24:122:70 | jexlExpr : String | Jexl3Injection.java:122:24:122:70 | jexlExpr : String |
| Jexl3Injection.java:126:24:126:87 | jexlExpr : String | Jexl3Injection.java:58:74:58:88 | jexlExpr : String |
| Jexl3Injection.java:126:24:126:87 | jexlExpr : String | Jexl3Injection.java:126:24:126:87 | jexlExpr : String |
| Jexl3Injection.java:130:24:130:86 | jexlExpr : String | Jexl3Injection.java:64:73:64:87 | jexlExpr : String |
| Jexl3Injection.java:130:24:130:86 | jexlExpr : String | Jexl3Injection.java:130:24:130:86 | jexlExpr : String |
| Jexl3Injection.java:134:24:134:85 | jexlExpr : String | Jexl3Injection.java:70:72:70:86 | jexlExpr : String |
| Jexl3Injection.java:134:24:134:85 | jexlExpr : String | Jexl3Injection.java:134:24:134:85 | jexlExpr : String |
| Jexl3Injection.java:138:24:138:67 | jexlExpr : String | Jexl3Injection.java:76:54:76:68 | jexlExpr : String |
| Jexl3Injection.java:138:24:138:67 | jexlExpr : String | Jexl3Injection.java:138:24:138:67 | jexlExpr : String |
| Jexl3Injection.java:143:13:143:37 | expr : String | Jexl3Injection.java:145:27:145:30 | expr : String |
| Jexl3Injection.java:145:27:145:30 | expr : String | Jexl3Injection.java:15:43:15:57 | jexlExpr : String |
| Jexl3Injection.java:151:13:151:34 | data : Data | Jexl3Injection.java:154:27:154:30 | expr : String |
| Jexl3Injection.java:154:27:154:30 | expr : String | Jexl3Injection.java:15:43:15:57 | jexlExpr : String |
| Jexl3Injection.java:161:13:161:52 | customRequest : CustomRequest | Jexl3Injection.java:164:27:164:30 | expr : String |
| Jexl3Injection.java:164:27:164:30 | expr : String | Jexl3Injection.java:15:43:15:57 | jexlExpr : String |
| Jexl3Injection.java:17:43:17:57 | jexlExpr : String | Jexl3Injection.java:21:9:21:9 | e |
| Jexl3Injection.java:24:55:24:69 | jexlExpr : String | Jexl3Injection.java:28:9:28:9 | e |
| Jexl3Injection.java:31:39:31:53 | jexlExpr : String | Jexl3Injection.java:35:9:35:14 | script |
| Jexl3Injection.java:38:50:38:64 | jexlExpr : String | Jexl3Injection.java:44:13:44:18 | script |
| Jexl3Injection.java:50:57:50:71 | jexlExpr : String | Jexl3Injection.java:52:40:52:47 | jexlExpr |
| Jexl3Injection.java:55:57:55:71 | jexlExpr : String | Jexl3Injection.java:57:40:57:47 | jexlExpr |
| Jexl3Injection.java:60:74:60:88 | jexlExpr : String | Jexl3Injection.java:63:9:63:39 | createExpression(...) |
| Jexl3Injection.java:66:73:66:87 | jexlExpr : String | Jexl3Injection.java:69:9:69:39 | createExpression(...) |
| Jexl3Injection.java:72:72:72:86 | jexlExpr : String | Jexl3Injection.java:75:9:75:37 | createTemplate(...) |
| Jexl3Injection.java:78:54:78:68 | jexlExpr : String | Jexl3Injection.java:84:13:84:13 | e |
| Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:96:31:96:38 | jexlExpr : String |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:104:24:104:56 | jexlExpr : String |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:108:24:108:68 | jexlExpr : String |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:112:24:112:52 | jexlExpr : String |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:116:24:116:63 | jexlExpr : String |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:120:24:120:70 | jexlExpr : String |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:124:24:124:70 | jexlExpr : String |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:128:24:128:87 | jexlExpr : String |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:132:24:132:86 | jexlExpr : String |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:136:24:136:85 | jexlExpr : String |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:140:24:140:67 | jexlExpr : String |
| Jexl3Injection.java:104:24:104:56 | jexlExpr : String | Jexl3Injection.java:17:43:17:57 | jexlExpr : String |
| Jexl3Injection.java:104:24:104:56 | jexlExpr : String | Jexl3Injection.java:104:24:104:56 | jexlExpr : String |
| Jexl3Injection.java:108:24:108:68 | jexlExpr : String | Jexl3Injection.java:24:55:24:69 | jexlExpr : String |
| Jexl3Injection.java:108:24:108:68 | jexlExpr : String | Jexl3Injection.java:108:24:108:68 | jexlExpr : String |
| Jexl3Injection.java:112:24:112:52 | jexlExpr : String | Jexl3Injection.java:31:39:31:53 | jexlExpr : String |
| Jexl3Injection.java:112:24:112:52 | jexlExpr : String | Jexl3Injection.java:112:24:112:52 | jexlExpr : String |
| Jexl3Injection.java:116:24:116:63 | jexlExpr : String | Jexl3Injection.java:38:50:38:64 | jexlExpr : String |
| Jexl3Injection.java:116:24:116:63 | jexlExpr : String | Jexl3Injection.java:116:24:116:63 | jexlExpr : String |
| Jexl3Injection.java:120:24:120:70 | jexlExpr : String | Jexl3Injection.java:50:57:50:71 | jexlExpr : String |
| Jexl3Injection.java:120:24:120:70 | jexlExpr : String | Jexl3Injection.java:120:24:120:70 | jexlExpr : String |
| Jexl3Injection.java:124:24:124:70 | jexlExpr : String | Jexl3Injection.java:55:57:55:71 | jexlExpr : String |
| Jexl3Injection.java:124:24:124:70 | jexlExpr : String | Jexl3Injection.java:124:24:124:70 | jexlExpr : String |
| Jexl3Injection.java:128:24:128:87 | jexlExpr : String | Jexl3Injection.java:60:74:60:88 | jexlExpr : String |
| Jexl3Injection.java:128:24:128:87 | jexlExpr : String | Jexl3Injection.java:128:24:128:87 | jexlExpr : String |
| Jexl3Injection.java:132:24:132:86 | jexlExpr : String | Jexl3Injection.java:66:73:66:87 | jexlExpr : String |
| Jexl3Injection.java:132:24:132:86 | jexlExpr : String | Jexl3Injection.java:132:24:132:86 | jexlExpr : String |
| Jexl3Injection.java:136:24:136:85 | jexlExpr : String | Jexl3Injection.java:72:72:72:86 | jexlExpr : String |
| Jexl3Injection.java:136:24:136:85 | jexlExpr : String | Jexl3Injection.java:136:24:136:85 | jexlExpr : String |
| Jexl3Injection.java:140:24:140:67 | jexlExpr : String | Jexl3Injection.java:78:54:78:68 | jexlExpr : String |
| Jexl3Injection.java:140:24:140:67 | jexlExpr : String | Jexl3Injection.java:140:24:140:67 | jexlExpr : String |
| Jexl3Injection.java:145:13:145:37 | expr : String | Jexl3Injection.java:147:27:147:30 | expr : String |
| Jexl3Injection.java:147:27:147:30 | expr : String | Jexl3Injection.java:17:43:17:57 | jexlExpr : String |
| Jexl3Injection.java:153:13:153:34 | data : Data | Jexl3Injection.java:156:27:156:30 | expr : String |
| Jexl3Injection.java:156:27:156:30 | expr : String | Jexl3Injection.java:17:43:17:57 | jexlExpr : String |
| Jexl3Injection.java:163:13:163:52 | customRequest : CustomRequest | Jexl3Injection.java:166:27:166:30 | expr : String |
| Jexl3Injection.java:166:27:166:30 | expr : String | Jexl3Injection.java:17:43:17:57 | jexlExpr : String |
nodes
| Jexl2Injection.java:10:43:10:57 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:14:9:14:9 | e | semmle.label | e |
@@ -122,54 +122,54 @@ nodes
| Jexl2Injection.java:114:24:114:85 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:118:24:118:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:118:24:118:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:15:43:15:57 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:19:9:19:9 | e | semmle.label | e |
| Jexl3Injection.java:22:55:22:69 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:26:9:26:9 | e | semmle.label | e |
| Jexl3Injection.java:29:39:29:53 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:33:9:33:14 | script | semmle.label | script |
| Jexl3Injection.java:36:50:36:64 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:42:13:42:18 | script | semmle.label | script |
| Jexl3Injection.java:48:57:48:71 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:50:40:50:47 | jexlExpr | semmle.label | jexlExpr |
| Jexl3Injection.java:53:57:53:71 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:55:40:55:47 | jexlExpr | semmle.label | jexlExpr |
| Jexl3Injection.java:58:74:58:88 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:61:9:61:39 | createExpression(...) | semmle.label | createExpression(...) |
| Jexl3Injection.java:64:73:64:87 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:67:9:67:39 | createExpression(...) | semmle.label | createExpression(...) |
| Jexl3Injection.java:70:72:70:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:73:9:73:37 | createTemplate(...) | semmle.label | createTemplate(...) |
| Jexl3Injection.java:76:54:76:68 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:82:13:82:13 | e | semmle.label | e |
| Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:102:24:102:56 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:102:24:102:56 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:106:24:106:68 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:106:24:106:68 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:110:24:110:52 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:110:24:110:52 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:114:24:114:63 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:114:24:114:63 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:118:24:118:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:118:24:118:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:122:24:122:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:122:24:122:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:126:24:126:87 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:126:24:126:87 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:130:24:130:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:130:24:130:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:134:24:134:85 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:134:24:134:85 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:138:24:138:67 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:138:24:138:67 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:143:13:143:37 | expr : String | semmle.label | expr : String |
| Jexl3Injection.java:145:27:145:30 | expr : String | semmle.label | expr : String |
| Jexl3Injection.java:151:13:151:34 | data : Data | semmle.label | data : Data |
| Jexl3Injection.java:154:27:154:30 | expr : String | semmle.label | expr : String |
| Jexl3Injection.java:161:13:161:52 | customRequest : CustomRequest | semmle.label | customRequest : CustomRequest |
| Jexl3Injection.java:164:27:164:30 | expr : String | semmle.label | expr : String |
| Jexl3Injection.java:17:43:17:57 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:21:9:21:9 | e | semmle.label | e |
| Jexl3Injection.java:24:55:24:69 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:28:9:28:9 | e | semmle.label | e |
| Jexl3Injection.java:31:39:31:53 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:35:9:35:14 | script | semmle.label | script |
| Jexl3Injection.java:38:50:38:64 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:44:13:44:18 | script | semmle.label | script |
| Jexl3Injection.java:50:57:50:71 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:52:40:52:47 | jexlExpr | semmle.label | jexlExpr |
| Jexl3Injection.java:55:57:55:71 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:57:40:57:47 | jexlExpr | semmle.label | jexlExpr |
| Jexl3Injection.java:60:74:60:88 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:63:9:63:39 | createExpression(...) | semmle.label | createExpression(...) |
| Jexl3Injection.java:66:73:66:87 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:69:9:69:39 | createExpression(...) | semmle.label | createExpression(...) |
| Jexl3Injection.java:72:72:72:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:75:9:75:37 | createTemplate(...) | semmle.label | createTemplate(...) |
| Jexl3Injection.java:78:54:78:68 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:84:13:84:13 | e | semmle.label | e |
| Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:104:24:104:56 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:104:24:104:56 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:108:24:108:68 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:108:24:108:68 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:112:24:112:52 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:112:24:112:52 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:116:24:116:63 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:116:24:116:63 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:120:24:120:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:120:24:120:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:124:24:124:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:124:24:124:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:128:24:128:87 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:128:24:128:87 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:132:24:132:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:132:24:132:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:136:24:136:85 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:136:24:136:85 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:140:24:140:67 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:140:24:140:67 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:145:13:145:37 | expr : String | semmle.label | expr : String |
| Jexl3Injection.java:147:27:147:30 | expr : String | semmle.label | expr : String |
| Jexl3Injection.java:153:13:153:34 | data : Data | semmle.label | data : Data |
| Jexl3Injection.java:156:27:156:30 | expr : String | semmle.label | expr : String |
| Jexl3Injection.java:163:13:163:52 | customRequest : CustomRequest | semmle.label | customRequest : CustomRequest |
| Jexl3Injection.java:166:27:166:30 | expr : String | semmle.label | expr : String |
#select
| Jexl2Injection.java:14:9:14:9 | e | Jexl2Injection.java:76:25:76:47 | getInputStream(...) : InputStream | Jexl2Injection.java:14:9:14:9 | e | JEXL injection from $@. | Jexl2Injection.java:76:25:76:47 | getInputStream(...) | this user input |
| Jexl2Injection.java:22:9:22:9 | e | Jexl2Injection.java:76:25:76:47 | getInputStream(...) : InputStream | Jexl2Injection.java:22:9:22:9 | e | JEXL injection from $@. | Jexl2Injection.java:76:25:76:47 | getInputStream(...) | this user input |
@@ -180,16 +180,16 @@ nodes
| Jexl2Injection.java:57:9:57:35 | parse(...) | Jexl2Injection.java:76:25:76:47 | getInputStream(...) : InputStream | Jexl2Injection.java:57:9:57:35 | parse(...) | JEXL injection from $@. | Jexl2Injection.java:76:25:76:47 | getInputStream(...) | this user input |
| Jexl2Injection.java:63:9:63:35 | parse(...) | Jexl2Injection.java:76:25:76:47 | getInputStream(...) : InputStream | Jexl2Injection.java:63:9:63:35 | parse(...) | JEXL injection from $@. | Jexl2Injection.java:76:25:76:47 | getInputStream(...) | this user input |
| Jexl2Injection.java:69:9:69:44 | createTemplate(...) | Jexl2Injection.java:76:25:76:47 | getInputStream(...) : InputStream | Jexl2Injection.java:69:9:69:44 | createTemplate(...) | JEXL injection from $@. | Jexl2Injection.java:76:25:76:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:19:9:19:9 | e | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:19:9:19:9 | e | JEXL injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:19:9:19:9 | e | Jexl3Injection.java:143:13:143:37 | expr : String | Jexl3Injection.java:19:9:19:9 | e | JEXL injection from $@. | Jexl3Injection.java:143:13:143:37 | expr | this user input |
| Jexl3Injection.java:19:9:19:9 | e | Jexl3Injection.java:151:13:151:34 | data : Data | Jexl3Injection.java:19:9:19:9 | e | JEXL injection from $@. | Jexl3Injection.java:151:13:151:34 | data | this user input |
| Jexl3Injection.java:19:9:19:9 | e | Jexl3Injection.java:161:13:161:52 | customRequest : CustomRequest | Jexl3Injection.java:19:9:19:9 | e | JEXL injection from $@. | Jexl3Injection.java:161:13:161:52 | customRequest | this user input |
| Jexl3Injection.java:26:9:26:9 | e | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:26:9:26:9 | e | JEXL injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:33:9:33:14 | script | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:33:9:33:14 | script | JEXL injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:42:13:42:18 | script | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:42:13:42:18 | script | JEXL injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:50:40:50:47 | jexlExpr | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:50:40:50:47 | jexlExpr | JEXL injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:55:40:55:47 | jexlExpr | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:55:40:55:47 | jexlExpr | JEXL injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:61:9:61:39 | createExpression(...) | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:61:9:61:39 | createExpression(...) | JEXL injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:67:9:67:39 | createExpression(...) | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:67:9:67:39 | createExpression(...) | JEXL injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:73:9:73:37 | createTemplate(...) | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:73:9:73:37 | createTemplate(...) | JEXL injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:82:13:82:13 | e | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:82:13:82:13 | e | JEXL injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:21:9:21:9 | e | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:21:9:21:9 | e | JEXL injection from $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:21:9:21:9 | e | Jexl3Injection.java:145:13:145:37 | expr : String | Jexl3Injection.java:21:9:21:9 | e | JEXL injection from $@. | Jexl3Injection.java:145:13:145:37 | expr | this user input |
| Jexl3Injection.java:21:9:21:9 | e | Jexl3Injection.java:153:13:153:34 | data : Data | Jexl3Injection.java:21:9:21:9 | e | JEXL injection from $@. | Jexl3Injection.java:153:13:153:34 | data | this user input |
| Jexl3Injection.java:21:9:21:9 | e | Jexl3Injection.java:163:13:163:52 | customRequest : CustomRequest | Jexl3Injection.java:21:9:21:9 | e | JEXL injection from $@. | Jexl3Injection.java:163:13:163:52 | customRequest | this user input |
| Jexl3Injection.java:28:9:28:9 | e | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:28:9:28:9 | e | JEXL injection from $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:35:9:35:14 | script | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:35:9:35:14 | script | JEXL injection from $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:44:13:44:18 | script | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:44:13:44:18 | script | JEXL injection from $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:52:40:52:47 | jexlExpr | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:52:40:52:47 | jexlExpr | JEXL injection from $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:57:40:57:47 | jexlExpr | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:57:40:57:47 | jexlExpr | JEXL injection from $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:63:9:63:39 | createExpression(...) | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:63:9:63:39 | createExpression(...) | JEXL injection from $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:69:9:69:39 | createExpression(...) | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:69:9:69:39 | createExpression(...) | JEXL injection from $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:75:9:75:37 | createTemplate(...) | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:75:9:75:37 | createTemplate(...) | JEXL injection from $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:84:13:84:13 | e | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:84:13:84:13 | e | JEXL injection from $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | this user input |