Add Jakarta WS url-open sink

This commit is contained in:
Chris Smowton
2021-06-17 11:58:41 +01:00
parent da1e760269
commit 11b70326fd
8 changed files with 64 additions and 16 deletions


@@ -789,6 +789,10 @@ private class UriBuilderModel extends SummaryModelCsv {
private class JaxRsUrlOpenSink extends SinkModelCsv {
override predicate row(string row) {
row = ["javax.ws.rs.client;Client;true;target;;;Argument[0];open-url"]
row =
[
"javax.ws.rs.client;Client;true;target;;;Argument[0];open-url",
"jakarta.ws.rs.client;Client;true;target;;;Argument[0];open-url"
]
}
}
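Review bot: The jakarta row on L19 gives every `Client.target` overload a sink (the signature field is empty, so String, URI, UriBuilder and Link all match), but nothing models `jakarta.ws.rs.client.WebTarget`, so a target built from a constant and then extended with attacker-controlled data through the real API's `WebTarget.path(String)` or a template value would presumably still go unreported; the same gap applies to the javax twin on L18. If that is intentional, a one-line comment on the class would save the next reader the check: `// Matches every Client.target overload; WebTarget.path/resolveTemplate are not modelled as sinks.` Otherwise consider adding rows such as `"jakarta.ws.rs.client;WebTarget;true;path;;;Argument[0];open-url"` and its javax counterpart, bearing in mind that a path suffix is a weaker sink than a full URL and may deserve separate treatment.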


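--- /dev/null
+++ b/JakartaWsSSRF.java
@@ -0,0 +1,18 @@
+import jakarta.ws.rs.client.*;
+import java.io.IOException;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+public class JakartaWsSSRF extends HttpServlet {
+protected void doGet(HttpServletRequest request, HttpServletResponse response)
+throws ServletException, IOException {
+Client client = ClientBuilder.newClient();
+String url = request.getParameter("url");
+client.target(url); // $ SSRF
+}
+}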
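Review bot: The test only exercises `target(String)` on L38, while the jakarta `Client` stub this commit enables also exposes `target(URI)`, `target(UriBuilder)` and `target(Link)`, so the sink row's empty signature field is never checked against those overloads. Adding at least `client.target(java.net.URI.create(url)); // $ SSRF` would pin that a later change to the model does not silently drop them. The wildcard `import jakarta.ws.rs.client.*;` on L27 also hides which stub classes the test depends on; explicit imports of `Client` and `ClientBuilder` would make the required stub surface visible to whoever maintains the stubs.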


@@ -1 +1 @@
//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/servlet-api-2.4/
//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/servlet-api-2.4/
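Review bot: The new classpath entry `javax-ws-rs-api-3.0.0` holds `jakarta.ws.rs.*` stubs, so the directory name suggests the javax namespace while its contents are the Jakarta one, and a reader looking for the jakarta stubs will not find them by name. Naming it `jakarta-ws-rs-api-3.0.0` (presumably matching the artifact these packages come from) or dropping a short README into the stub directory would avoid the confusion. Keeping the `javax-ws-rs-api-2.1.1` entry alongside is right, since the javax row in the model is still tested against it.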


@@ -15,23 +15,23 @@
*/
package javax.ws.rs.client;
// import java.net.URI;
import java.net.URI;
import javax.ws.rs.core.Configurable;
// import javax.ws.rs.core.Link;
// import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.Link;
import javax.ws.rs.core.UriBuilder;
// import javax.net.ssl.HostnameVerifier;
// import javax.net.ssl.SSLContext;
public interface Client extends Configurable<Client> {
public void close();
// public WebTarget target(String uri);
public WebTarget target(String uri);
// public WebTarget target(URI uri);
public WebTarget target(URI uri);
// public WebTarget target(UriBuilder uriBuilder);
public WebTarget target(UriBuilder uriBuilder);
// public WebTarget target(Link link);
public WebTarget target(Link link);
// public Invocation.Builder invocation(Link link);


@@ -15,23 +15,23 @@
*/
package jakarta.ws.rs.client;
// import java.net.URI;
import java.net.URI;
// import javax.net.ssl.HostnameVerifier;
// import javax.net.ssl.SSLContext;
import jakarta.ws.rs.core.Configurable;
// import jakarta.ws.rs.core.Link;
// import jakarta.ws.rs.core.UriBuilder;
import jakarta.ws.rs.core.Link;
import jakarta.ws.rs.core.UriBuilder;
public interface Client extends Configurable<Client> {
public void close();
// public WebTarget target(String uri);
public WebTarget target(String uri);
// public WebTarget target(URI uri);
public WebTarget target(URI uri);
// public WebTarget target(UriBuilder uriBuilder);
public WebTarget target(UriBuilder uriBuilder);
// public WebTarget target(Link link);
public WebTarget target(Link link);
// public Invocation.Builder invocation(Link link);


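--- /dev/null
+++ b/jakarta/ws/rs/client/ClientBuilder.java
@@ -0,0 +1,19 @@
+package jakarta.ws.rs.client;
+public abstract class ClientBuilder implements jakarta.ws.rs.core.Configurable {
+protected ClientBuilder() {
+}
+public static jakarta.ws.rs.client.ClientBuilder newBuilder() {
+return null;
+}
+public static jakarta.ws.rs.client.Client newClient() {
+return null;
+}
+public static jakarta.ws.rs.client.Client newClient(jakarta.ws.rs.core.Configuration configuration) {
+return null;
+}
+}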
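Review bot: `ClientBuilder` on L104 implements the raw `jakarta.ws.rs.core.Configurable`, whereas the `Client` stub in this same commit uses the parameterised `Configurable<Client>`, so the two stubs disagree on whether the interface is generic; the real API declares `Configurable<ClientBuilder>`, and a raw type here may leave builder-chain return types unresolved if a summary row is ever keyed on `Configurable` methods. Changing the declaration to `public abstract class ClientBuilder implements jakarta.ws.rs.core.Configurable<ClientBuilder> {` keeps it consistent with the sibling stub. The `return null` bodies are fine for an extractor-only stub and need no change.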


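--- /dev/null
+++ b/jakarta/ws/rs/client/WebTarget.java
@@ -0,0 +1,4 @@
+package jakarta.ws.rs.client;
+public abstract interface WebTarget extends jakarta.ws.rs.core.Configurable {
+}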
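Review bot: The `WebTarget` stub on L122 is empty and extends the raw `Configurable`, so no test can be written for flow continuing through a target (for example the real API's `path(String)` or `request()`), and the type is inconsistent with the generic `Configurable<Client>` the `Client` stub uses. Declaring it as `public interface WebTarget extends jakarta.ws.rs.core.Configurable<WebTarget> {` (`abstract` is redundant on an interface) and adding `WebTarget path(String path);` would let the SSRF test cover a path-append case should the model grow to include one. This is presumably the minimum needed for `Client.target` to compile, so it is acceptable as a first step.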


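--- /dev/null
+++ b/jakarta/ws/rs/core/Configuration.java
@@ -0,0 +1,3 @@
+package jakarta.ws.rs.core;
+public abstract interface Configuration {}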