Simplified returnsRemoteInvocationSerializingExporter()

Artem Smotrakov
2021-02-27 13:41:20 +01:00
parent e02b51f42b
commit 15a43ffe36
4 changed files with 13 additions and 7 deletions


@@ -30,7 +30,6 @@ private predicate isRemoteInvocationSerializingExporter(RefType type) {
* Holds if `method` returns an object that extends `RemoteInvocationSerializingExporter`.
*/
private predicate returnsRemoteInvocationSerializingExporter(Method method) {
isRemoteInvocationSerializingExporter(method.getReturnType()) or
isRemoteInvocationSerializingExporter(method.getReturnType().(RefType).getASupertype*())
}
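Review bot: `returnsRemoteInvocationSerializingExporter` matches only on the declared return type (`method.getReturnType()`), so a bean method declared with a broader return type such as `Object` that constructs an `HttpInvokerServiceExporter` would not be reported, as far as this hunk shows. If that is intended, the doc comment should say so; since `getASupertype*()` is reflexive it should also read "is or extends", for example `Holds if the declared return type of method is, or extends, RemoteInvocationSerializingExporter.` The rendered page has lost its `+`/`-` markers, so I am assuming the single `getASupertype*()` disjunct is the new side. The test file changed in this commit has no case for a broader declared return type either.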


@@ -1 +1,2 @@
| SpringHttpInvokerUnsafeDeserialization.java:9:32:9:37 | unsafe | Unasafe deserialization in a remote service exporter in 'unsafe' method |
| SpringHttpInvokerUnsafeDeserialization.java:10:32:10:63 | unsafeHttpInvokerServiceExporter | Unasafe deserialization in a remote service exporter in 'unsafeHttpInvokerServiceExporter' method |
| SpringHttpInvokerUnsafeDeserialization.java:18:41:18:88 | unsafeCustomeRemoteInvocationSerializingExporter | Unasafe deserialization in a remote service exporter in 'unsafeCustomeRemoteInvocationSerializingExporter' method |


@@ -1,18 +1,24 @@
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter;
import org.springframework.remoting.rmi.RemoteInvocationSerializingExporter;
@Configuration
public class SpringHttpInvokerUnsafeDeserialization {
@Bean(name = "/unsafe")
HttpInvokerServiceExporter unsafe() {
@Bean(name = "/unsafeHttpInvokerServiceExporter")
HttpInvokerServiceExporter unsafeHttpInvokerServiceExporter() {
HttpInvokerServiceExporter exporter = new HttpInvokerServiceExporter();
exporter.setService(new AccountServiceImpl());
exporter.setServiceInterface(AccountService.class);
return exporter;
}
@Bean(name = "/unsafeCustomeRemoteInvocationSerializingExporter")
RemoteInvocationSerializingExporter unsafeCustomeRemoteInvocationSerializingExporter() {
return new CustomeRemoteInvocationSerializingExporter();
}
HttpInvokerServiceExporter notABean() {
HttpInvokerServiceExporter exporter = new HttpInvokerServiceExporter();
exporter.setService(new AccountServiceImpl());
@@ -21,6 +27,8 @@ public class SpringHttpInvokerUnsafeDeserialization {
}
}
class CustomeRemoteInvocationSerializingExporter extends RemoteInvocationSerializingExporter {}
class NotAConfiguration {
@Bean(name = "/notAnEndpoint")
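Review bot: The new positive case `unsafeCustomeRemoteInvocationSerializingExporter()` declares the base class as its return type, so no test covers a bean method whose declared return type is the user-defined subclass itself, which is presumably a shape the `getASupertype*()` form of the predicate is meant to catch. I would add a second bean declared as `CustomeRemoteInvocationSerializingExporter unsafeDeclaredSubclass()` that returns `new CustomeRemoteInvocationSerializingExporter()`, with the matching row in the `.expected` file. Separately, `Custome` in the class, method and bean names looks like a typo for `Custom`; renaming it would also change the expected output. The second hunk ends inside `NotAConfiguration`, whose body is outside the view.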


@@ -1,5 +1,3 @@
package org.springframework.remoting.rmi;
public abstract class RemoteInvocationSerializingExporter {
}
public abstract class RemoteInvocationSerializingExporter {}