Java: convert JexlInjection test to .qlref

Nora Dimitrijević
2025-06-23 12:10:08 +02:00
parent 1cc91e964d
commit 1b61cb660a
9 changed files with 332 additions and 42 deletions


@@ -11,21 +11,21 @@ public class Jexl2Injection {
JexlEngine jexl = new JexlEngine();
Expression e = jexl.createExpression(jexlExpr);
JexlContext jc = new MapContext();
e.evaluate(jc); // $hasJexlInjection
e.evaluate(jc); // $ Alert
}
private static void runJexlExpressionWithJexlInfo(String jexlExpr) {
JexlEngine jexl = new JexlEngine();
Expression e = jexl.createExpression(jexlExpr, new DebugInfo("unknown", 0, 0));
JexlContext jc = new MapContext();
e.evaluate(jc); // $hasJexlInjection
e.evaluate(jc); // $ Alert
}
private static void runJexlScript(String jexlExpr) {
JexlEngine jexl = new JexlEngine();
Script script = jexl.createScript(jexlExpr);
JexlContext jc = new MapContext();
script.execute(jc); // $hasJexlInjection
script.execute(jc); // $ Alert
}
private static void runJexlScriptViaCallable(String jexlExpr) {
@@ -34,7 +34,7 @@ public class Jexl2Injection {
JexlContext jc = new MapContext();
try {
script.callable(jc).call(); // $hasJexlInjection
script.callable(jc).call(); // $ Alert
} catch (Exception e) {
throw new RuntimeException(e);
}
@@ -42,37 +42,37 @@ public class Jexl2Injection {
private static void runJexlExpressionViaGetProperty(String jexlExpr) {
JexlEngine jexl = new JexlEngine();
jexl.getProperty(new Object(), jexlExpr); // $hasJexlInjection
jexl.getProperty(new Object(), jexlExpr); // $ Alert
}
private static void runJexlExpressionViaSetProperty(String jexlExpr) {
JexlEngine jexl = new JexlEngine();
jexl.setProperty(new Object(), jexlExpr, new Object()); // $hasJexlInjection
jexl.setProperty(new Object(), jexlExpr, new Object()); // $ Alert
}
private static void runJexlExpressionViaUnifiedJEXLParseAndEvaluate(String jexlExpr) {
JexlEngine jexl = new JexlEngine();
UnifiedJEXL unifiedJEXL = new UnifiedJEXL(jexl);
unifiedJEXL.parse(jexlExpr).evaluate(new MapContext()); // $hasJexlInjection
unifiedJEXL.parse(jexlExpr).evaluate(new MapContext()); // $ Alert
}
private static void runJexlExpressionViaUnifiedJEXLParseAndPrepare(String jexlExpr) {
JexlEngine jexl = new JexlEngine();
UnifiedJEXL unifiedJEXL = new UnifiedJEXL(jexl);
unifiedJEXL.parse(jexlExpr).prepare(new MapContext()); // $hasJexlInjection
unifiedJEXL.parse(jexlExpr).prepare(new MapContext()); // $ Alert
}
private static void runJexlExpressionViaUnifiedJEXLTemplateEvaluate(String jexlExpr) {
JexlEngine jexl = new JexlEngine();
UnifiedJEXL unifiedJEXL = new UnifiedJEXL(jexl);
unifiedJEXL.createTemplate(jexlExpr).evaluate(new MapContext(), new StringWriter()); // $hasJexlInjection
unifiedJEXL.createTemplate(jexlExpr).evaluate(new MapContext(), new StringWriter()); // $ Alert
}
private static void testWithSocket(Consumer<String> action) throws Exception {
try (ServerSocket serverSocket = new ServerSocket(0)) {
try (Socket socket = serverSocket.accept()) {
byte[] bytes = new byte[1024];
int n = socket.getInputStream().read(bytes);
int n = socket.getInputStream().read(bytes); // $ Source
String jexlExpr = new String(bytes, 0, n);
action.accept(jexlExpr);
}
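Review bot: The line newly annotated `// $ Source` in testWithSocket hands `n` straight to `new String(bytes, 0, n)` on the following line, so an end-of-stream return of -1 from `read` throws a StringIndexOutOfBoundsException rather than being handled; the testWithSocket hunk of Jexl3Injection in this commit has the same pattern. A one-line guard before the String construction, `if (n < 0) return;`, keeps the fixture well-formed without altering the taint path the query is expected to report. The enclosing testWithSocket method ends outside the hunk.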


@@ -18,21 +18,21 @@ public class Jexl3Injection {
JexlEngine jexl = new JexlBuilder().create();
JexlExpression e = jexl.createExpression(jexlExpr);
JexlContext jc = new MapContext();
e.evaluate(jc); // $hasJexlInjection
e.evaluate(jc); // $ Alert
}
private static void runJexlExpressionWithJexlInfo(String jexlExpr) {
JexlEngine jexl = new JexlBuilder().create();
JexlExpression e = jexl.createExpression(new JexlInfo("unknown", 0, 0), jexlExpr);
JexlContext jc = new MapContext();
e.evaluate(jc); // $hasJexlInjection
e.evaluate(jc); // $ Alert
}
private static void runJexlScript(String jexlExpr) {
JexlEngine jexl = new JexlBuilder().create();
JexlScript script = jexl.createScript(jexlExpr);
JexlContext jc = new MapContext();
script.execute(jc); // $hasJexlInjection
script.execute(jc); // $ Alert
}
private static void runJexlScriptViaCallable(String jexlExpr) {
@@ -41,7 +41,7 @@ public class Jexl3Injection {
JexlContext jc = new MapContext();
try {
script.callable(jc).call(); // $hasJexlInjection
script.callable(jc).call(); // $ Alert
} catch (Exception e) {
throw new RuntimeException(e);
}
@@ -49,30 +49,30 @@ public class Jexl3Injection {
private static void runJexlExpressionViaGetProperty(String jexlExpr) {
JexlEngine jexl = new JexlBuilder().create();
jexl.getProperty(new Object(), jexlExpr); // $hasJexlInjection
jexl.getProperty(new Object(), jexlExpr); // $ Alert
}
private static void runJexlExpressionViaSetProperty(String jexlExpr) {
JexlEngine jexl = new JexlBuilder().create();
jexl.setProperty(new Object(), jexlExpr, new Object()); // $hasJexlInjection
jexl.setProperty(new Object(), jexlExpr, new Object()); // $ Alert
}
private static void runJexlExpressionViaJxltEngineExpressionEvaluate(String jexlExpr) {
JexlEngine jexl = new JexlBuilder().create();
JxltEngine jxlt = jexl.createJxltEngine();
jxlt.createExpression(jexlExpr).evaluate(new MapContext()); // $hasJexlInjection
jxlt.createExpression(jexlExpr).evaluate(new MapContext()); // $ Alert
}
private static void runJexlExpressionViaJxltEngineExpressionPrepare(String jexlExpr) {
JexlEngine jexl = new JexlBuilder().create();
JxltEngine jxlt = jexl.createJxltEngine();
jxlt.createExpression(jexlExpr).prepare(new MapContext()); // $hasJexlInjection
jxlt.createExpression(jexlExpr).prepare(new MapContext()); // $ Alert
}
private static void runJexlExpressionViaJxltEngineTemplateEvaluate(String jexlExpr) {
JexlEngine jexl = new JexlBuilder().create();
JxltEngine jxlt = jexl.createJxltEngine();
jxlt.createTemplate(jexlExpr).evaluate(new MapContext(), new StringWriter()); // $hasJexlInjection
jxlt.createTemplate(jexlExpr).evaluate(new MapContext(), new StringWriter()); // $ Alert
}
private static void runJexlExpressionViaCallable(String jexlExpr) {
@@ -81,7 +81,7 @@ public class Jexl3Injection {
JexlContext jc = new MapContext();
try {
e.callable(jc).call(); // $hasJexlInjection
e.callable(jc).call(); // $ Alert
} catch (Exception ex) {
throw new RuntimeException(ex);
}
@@ -91,7 +91,7 @@ public class Jexl3Injection {
try (ServerSocket serverSocket = new ServerSocket(0)) {
try (Socket socket = serverSocket.accept()) {
byte[] bytes = new byte[1024];
int n = socket.getInputStream().read(bytes);
int n = socket.getInputStream().read(bytes); // $ Source
String jexlExpr = new String(bytes, 0, n);
action.accept(jexlExpr);
}
@@ -141,14 +141,14 @@ public class Jexl3Injection {
}
@PostMapping("/request")
public ResponseEntity testWithSpringControllerThatEvaluatesJexlFromPathVariable(@PathVariable String expr) {
public ResponseEntity testWithSpringControllerThatEvaluatesJexlFromPathVariable(@PathVariable String expr) { // $ Source
runJexlExpression(expr);
return ResponseEntity.ok(HttpStatus.OK);
}
@PostMapping("/request")
public ResponseEntity testWithSpringControllerThatEvaluatesJexlFromRequestBody(@RequestBody Data data) {
public ResponseEntity testWithSpringControllerThatEvaluatesJexlFromRequestBody(@RequestBody Data data) { // $ Source
String expr = data.getExpr();
runJexlExpression(expr);
@@ -158,7 +158,7 @@ public class Jexl3Injection {
@PostMapping("/request")
public ResponseEntity testWithSpringControllerThatEvaluatesJexlFromRequestBodyWithNestedObjects(
@RequestBody CustomRequest customRequest) {
@RequestBody CustomRequest customRequest) { // $ Source
String expr = customRequest.getData().getExpr();
runJexlExpression(expr);
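Review bot: The controller line newly annotated `// $ Source` in the `@@ -141,14 +141,14 @@` hunk declares `@PathVariable String expr` under `@PostMapping("/request")`, whose path template carries no `{expr}` placeholder, so Spring would have nothing to bind that parameter from. For the inline-expectations test this is harmless, since the source is recognised from the parameter annotation rather than the mapping, but `@PostMapping("/request/{expr}")` would make the fixture describe an endpoint that can actually receive the value it evaluates. The method annotated on the last hunk line continues outside the hunk.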


@@ -0,0 +1,303 @@
#select
| Jexl2Injection.java:14:9:14:9 | e | Jexl2Injection.java:75:25:75:47 | getInputStream(...) : InputStream | Jexl2Injection.java:14:9:14:9 | e | JEXL expression depends on a $@. | Jexl2Injection.java:75:25:75:47 | getInputStream(...) | user-provided value |
| Jexl2Injection.java:21:9:21:9 | e | Jexl2Injection.java:75:25:75:47 | getInputStream(...) : InputStream | Jexl2Injection.java:21:9:21:9 | e | JEXL expression depends on a $@. | Jexl2Injection.java:75:25:75:47 | getInputStream(...) | user-provided value |
| Jexl2Injection.java:28:9:28:14 | script | Jexl2Injection.java:75:25:75:47 | getInputStream(...) : InputStream | Jexl2Injection.java:28:9:28:14 | script | JEXL expression depends on a $@. | Jexl2Injection.java:75:25:75:47 | getInputStream(...) | user-provided value |
| Jexl2Injection.java:37:13:37:18 | script | Jexl2Injection.java:75:25:75:47 | getInputStream(...) : InputStream | Jexl2Injection.java:37:13:37:18 | script | JEXL expression depends on a $@. | Jexl2Injection.java:75:25:75:47 | getInputStream(...) | user-provided value |
| Jexl2Injection.java:45:40:45:47 | jexlExpr | Jexl2Injection.java:75:25:75:47 | getInputStream(...) : InputStream | Jexl2Injection.java:45:40:45:47 | jexlExpr | JEXL expression depends on a $@. | Jexl2Injection.java:75:25:75:47 | getInputStream(...) | user-provided value |
| Jexl2Injection.java:50:40:50:47 | jexlExpr | Jexl2Injection.java:75:25:75:47 | getInputStream(...) : InputStream | Jexl2Injection.java:50:40:50:47 | jexlExpr | JEXL expression depends on a $@. | Jexl2Injection.java:75:25:75:47 | getInputStream(...) | user-provided value |
| Jexl2Injection.java:56:9:56:35 | parse(...) | Jexl2Injection.java:75:25:75:47 | getInputStream(...) : InputStream | Jexl2Injection.java:56:9:56:35 | parse(...) | JEXL expression depends on a $@. | Jexl2Injection.java:75:25:75:47 | getInputStream(...) | user-provided value |
| Jexl2Injection.java:62:9:62:35 | parse(...) | Jexl2Injection.java:75:25:75:47 | getInputStream(...) : InputStream | Jexl2Injection.java:62:9:62:35 | parse(...) | JEXL expression depends on a $@. | Jexl2Injection.java:75:25:75:47 | getInputStream(...) | user-provided value |
| Jexl2Injection.java:68:9:68:44 | createTemplate(...) | Jexl2Injection.java:75:25:75:47 | getInputStream(...) : InputStream | Jexl2Injection.java:68:9:68:44 | createTemplate(...) | JEXL expression depends on a $@. | Jexl2Injection.java:75:25:75:47 | getInputStream(...) | user-provided value |
| Jexl3Injection.java:21:9:21:9 | e | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:21:9:21:9 | e | JEXL expression depends on a $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | user-provided value |
| Jexl3Injection.java:21:9:21:9 | e | Jexl3Injection.java:144:85:144:109 | expr : String | Jexl3Injection.java:21:9:21:9 | e | JEXL expression depends on a $@. | Jexl3Injection.java:144:85:144:109 | expr | user-provided value |
| Jexl3Injection.java:21:9:21:9 | e | Jexl3Injection.java:151:84:151:105 | data : Data | Jexl3Injection.java:21:9:21:9 | e | JEXL expression depends on a $@. | Jexl3Injection.java:151:84:151:105 | data | user-provided value |
| Jexl3Injection.java:21:9:21:9 | e | Jexl3Injection.java:161:13:161:52 | customRequest : CustomRequest | Jexl3Injection.java:21:9:21:9 | e | JEXL expression depends on a $@. | Jexl3Injection.java:161:13:161:52 | customRequest | user-provided value |
| Jexl3Injection.java:28:9:28:9 | e | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:28:9:28:9 | e | JEXL expression depends on a $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | user-provided value |
| Jexl3Injection.java:35:9:35:14 | script | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:35:9:35:14 | script | JEXL expression depends on a $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | user-provided value |
| Jexl3Injection.java:44:13:44:18 | script | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:44:13:44:18 | script | JEXL expression depends on a $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | user-provided value |
| Jexl3Injection.java:52:40:52:47 | jexlExpr | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:52:40:52:47 | jexlExpr | JEXL expression depends on a $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | user-provided value |
| Jexl3Injection.java:57:40:57:47 | jexlExpr | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:57:40:57:47 | jexlExpr | JEXL expression depends on a $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | user-provided value |
| Jexl3Injection.java:63:9:63:39 | createExpression(...) | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:63:9:63:39 | createExpression(...) | JEXL expression depends on a $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | user-provided value |
| Jexl3Injection.java:69:9:69:39 | createExpression(...) | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:69:9:69:39 | createExpression(...) | JEXL expression depends on a $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | user-provided value |
| Jexl3Injection.java:75:9:75:37 | createTemplate(...) | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:75:9:75:37 | createTemplate(...) | JEXL expression depends on a $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | user-provided value |
| Jexl3Injection.java:84:13:84:13 | e | Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:84:13:84:13 | e | JEXL expression depends on a $@. | Jexl3Injection.java:94:25:94:47 | getInputStream(...) | user-provided value |
edges
| Jexl2Injection.java:10:43:10:57 | jexlExpr : String | Jexl2Injection.java:12:46:12:53 | jexlExpr : String | provenance | |
| Jexl2Injection.java:12:24:12:54 | createExpression(...) : Expression | Jexl2Injection.java:14:9:14:9 | e | provenance | Sink:MaD:1 |
| Jexl2Injection.java:12:46:12:53 | jexlExpr : String | Jexl2Injection.java:12:24:12:54 | createExpression(...) : Expression | provenance | Config |
| Jexl2Injection.java:17:55:17:69 | jexlExpr : String | Jexl2Injection.java:19:46:19:53 | jexlExpr : String | provenance | |
| Jexl2Injection.java:19:24:19:86 | createExpression(...) : Expression | Jexl2Injection.java:21:9:21:9 | e | provenance | Sink:MaD:1 |
| Jexl2Injection.java:19:46:19:53 | jexlExpr : String | Jexl2Injection.java:19:24:19:86 | createExpression(...) : Expression | provenance | Config |
| Jexl2Injection.java:24:39:24:53 | jexlExpr : String | Jexl2Injection.java:26:43:26:50 | jexlExpr : String | provenance | |
| Jexl2Injection.java:26:25:26:51 | createScript(...) : Script | Jexl2Injection.java:28:9:28:14 | script | provenance | Sink:MaD:5 |
| Jexl2Injection.java:26:43:26:50 | jexlExpr : String | Jexl2Injection.java:26:25:26:51 | createScript(...) : Script | provenance | Config |
| Jexl2Injection.java:31:50:31:64 | jexlExpr : String | Jexl2Injection.java:33:43:33:50 | jexlExpr : String | provenance | |
| Jexl2Injection.java:33:25:33:51 | createScript(...) : Script | Jexl2Injection.java:37:13:37:18 | script | provenance | Sink:MaD:4 |
| Jexl2Injection.java:33:43:33:50 | jexlExpr : String | Jexl2Injection.java:33:25:33:51 | createScript(...) : Script | provenance | Config |
| Jexl2Injection.java:43:57:43:71 | jexlExpr : String | Jexl2Injection.java:45:40:45:47 | jexlExpr | provenance | Sink:MaD:2 |
| Jexl2Injection.java:48:57:48:71 | jexlExpr : String | Jexl2Injection.java:50:40:50:47 | jexlExpr | provenance | Sink:MaD:3 |
| Jexl2Injection.java:53:73:53:87 | jexlExpr : String | Jexl2Injection.java:56:27:56:34 | jexlExpr : String | provenance | |
| Jexl2Injection.java:56:27:56:34 | jexlExpr : String | Jexl2Injection.java:56:9:56:35 | parse(...) | provenance | Config Sink:MaD:6 |
| Jexl2Injection.java:59:72:59:86 | jexlExpr : String | Jexl2Injection.java:62:27:62:34 | jexlExpr : String | provenance | |
| Jexl2Injection.java:62:27:62:34 | jexlExpr : String | Jexl2Injection.java:62:9:62:35 | parse(...) | provenance | Config Sink:MaD:7 |
| Jexl2Injection.java:65:73:65:87 | jexlExpr : String | Jexl2Injection.java:68:36:68:43 | jexlExpr : String | provenance | |
| Jexl2Injection.java:68:36:68:43 | jexlExpr : String | Jexl2Injection.java:68:9:68:44 | createTemplate(...) | provenance | Config Sink:MaD:8 |
| Jexl2Injection.java:75:25:75:47 | getInputStream(...) : InputStream | Jexl2Injection.java:75:54:75:58 | bytes [post update] : byte[] | provenance | Src:MaD:18 MaD:19 |
| Jexl2Injection.java:75:54:75:58 | bytes [post update] : byte[] | Jexl2Injection.java:76:46:76:50 | bytes : byte[] | provenance | |
| Jexl2Injection.java:76:35:76:57 | new String(...) : String | Jexl2Injection.java:77:31:77:38 | jexlExpr : String | provenance | |
| Jexl2Injection.java:76:46:76:50 | bytes : byte[] | Jexl2Injection.java:76:35:76:57 | new String(...) : String | provenance | MaD:20 |
| Jexl2Injection.java:77:31:77:38 | jexlExpr : String | Jexl2Injection.java:85:24:85:56 | jexlExpr : String | provenance | |
| Jexl2Injection.java:77:31:77:38 | jexlExpr : String | Jexl2Injection.java:89:24:89:68 | jexlExpr : String | provenance | |
| Jexl2Injection.java:77:31:77:38 | jexlExpr : String | Jexl2Injection.java:93:24:93:52 | jexlExpr : String | provenance | |
| Jexl2Injection.java:77:31:77:38 | jexlExpr : String | Jexl2Injection.java:97:24:97:63 | jexlExpr : String | provenance | |
| Jexl2Injection.java:77:31:77:38 | jexlExpr : String | Jexl2Injection.java:101:24:101:70 | jexlExpr : String | provenance | |
| Jexl2Injection.java:77:31:77:38 | jexlExpr : String | Jexl2Injection.java:105:24:105:70 | jexlExpr : String | provenance | |
| Jexl2Injection.java:77:31:77:38 | jexlExpr : String | Jexl2Injection.java:109:24:109:86 | jexlExpr : String | provenance | |
| Jexl2Injection.java:77:31:77:38 | jexlExpr : String | Jexl2Injection.java:113:24:113:85 | jexlExpr : String | provenance | |
| Jexl2Injection.java:77:31:77:38 | jexlExpr : String | Jexl2Injection.java:117:24:117:86 | jexlExpr : String | provenance | |
| Jexl2Injection.java:85:24:85:56 | jexlExpr : String | Jexl2Injection.java:10:43:10:57 | jexlExpr : String | provenance | |
| Jexl2Injection.java:85:24:85:56 | jexlExpr : String | Jexl2Injection.java:85:24:85:56 | jexlExpr : String | provenance | |
| Jexl2Injection.java:89:24:89:68 | jexlExpr : String | Jexl2Injection.java:17:55:17:69 | jexlExpr : String | provenance | |
| Jexl2Injection.java:89:24:89:68 | jexlExpr : String | Jexl2Injection.java:89:24:89:68 | jexlExpr : String | provenance | |
| Jexl2Injection.java:93:24:93:52 | jexlExpr : String | Jexl2Injection.java:24:39:24:53 | jexlExpr : String | provenance | |
| Jexl2Injection.java:93:24:93:52 | jexlExpr : String | Jexl2Injection.java:93:24:93:52 | jexlExpr : String | provenance | |
| Jexl2Injection.java:97:24:97:63 | jexlExpr : String | Jexl2Injection.java:31:50:31:64 | jexlExpr : String | provenance | |
| Jexl2Injection.java:97:24:97:63 | jexlExpr : String | Jexl2Injection.java:97:24:97:63 | jexlExpr : String | provenance | |
| Jexl2Injection.java:101:24:101:70 | jexlExpr : String | Jexl2Injection.java:43:57:43:71 | jexlExpr : String | provenance | |
| Jexl2Injection.java:101:24:101:70 | jexlExpr : String | Jexl2Injection.java:101:24:101:70 | jexlExpr : String | provenance | |
| Jexl2Injection.java:105:24:105:70 | jexlExpr : String | Jexl2Injection.java:48:57:48:71 | jexlExpr : String | provenance | |
| Jexl2Injection.java:105:24:105:70 | jexlExpr : String | Jexl2Injection.java:105:24:105:70 | jexlExpr : String | provenance | |
| Jexl2Injection.java:109:24:109:86 | jexlExpr : String | Jexl2Injection.java:53:73:53:87 | jexlExpr : String | provenance | |
| Jexl2Injection.java:109:24:109:86 | jexlExpr : String | Jexl2Injection.java:109:24:109:86 | jexlExpr : String | provenance | |
| Jexl2Injection.java:113:24:113:85 | jexlExpr : String | Jexl2Injection.java:59:72:59:86 | jexlExpr : String | provenance | |
| Jexl2Injection.java:113:24:113:85 | jexlExpr : String | Jexl2Injection.java:113:24:113:85 | jexlExpr : String | provenance | |
| Jexl2Injection.java:117:24:117:86 | jexlExpr : String | Jexl2Injection.java:65:73:65:87 | jexlExpr : String | provenance | |
| Jexl2Injection.java:117:24:117:86 | jexlExpr : String | Jexl2Injection.java:117:24:117:86 | jexlExpr : String | provenance | |
| Jexl3Injection.java:17:43:17:57 | jexlExpr : String | Jexl3Injection.java:19:50:19:57 | jexlExpr : String | provenance | |
| Jexl3Injection.java:19:28:19:58 | createExpression(...) : JexlExpression | Jexl3Injection.java:21:9:21:9 | e | provenance | Sink:MaD:12 |
| Jexl3Injection.java:19:50:19:57 | jexlExpr : String | Jexl3Injection.java:19:28:19:58 | createExpression(...) : JexlExpression | provenance | Config |
| Jexl3Injection.java:24:55:24:69 | jexlExpr : String | Jexl3Injection.java:26:81:26:88 | jexlExpr : String | provenance | |
| Jexl3Injection.java:26:28:26:89 | createExpression(...) : JexlExpression | Jexl3Injection.java:28:9:28:9 | e | provenance | Sink:MaD:12 |
| Jexl3Injection.java:26:81:26:88 | jexlExpr : String | Jexl3Injection.java:26:28:26:89 | createExpression(...) : JexlExpression | provenance | Config |
| Jexl3Injection.java:31:39:31:53 | jexlExpr : String | Jexl3Injection.java:33:47:33:54 | jexlExpr : String | provenance | |
| Jexl3Injection.java:33:29:33:55 | createScript(...) : JexlScript | Jexl3Injection.java:35:9:35:14 | script | provenance | Sink:MaD:14 |
| Jexl3Injection.java:33:47:33:54 | jexlExpr : String | Jexl3Injection.java:33:29:33:55 | createScript(...) : JexlScript | provenance | Config |
| Jexl3Injection.java:38:50:38:64 | jexlExpr : String | Jexl3Injection.java:40:47:40:54 | jexlExpr : String | provenance | |
| Jexl3Injection.java:40:29:40:55 | createScript(...) : JexlScript | Jexl3Injection.java:44:13:44:18 | script | provenance | Sink:MaD:13 |
| Jexl3Injection.java:40:47:40:54 | jexlExpr : String | Jexl3Injection.java:40:29:40:55 | createScript(...) : JexlScript | provenance | Config |
| Jexl3Injection.java:50:57:50:71 | jexlExpr : String | Jexl3Injection.java:52:40:52:47 | jexlExpr | provenance | Sink:MaD:9 |
| Jexl3Injection.java:55:57:55:71 | jexlExpr : String | Jexl3Injection.java:57:40:57:47 | jexlExpr | provenance | Sink:MaD:10 |
| Jexl3Injection.java:60:74:60:88 | jexlExpr : String | Jexl3Injection.java:63:31:63:38 | jexlExpr : String | provenance | |
| Jexl3Injection.java:63:31:63:38 | jexlExpr : String | Jexl3Injection.java:63:9:63:39 | createExpression(...) | provenance | Config Sink:MaD:15 |
| Jexl3Injection.java:66:73:66:87 | jexlExpr : String | Jexl3Injection.java:69:31:69:38 | jexlExpr : String | provenance | |
| Jexl3Injection.java:69:31:69:38 | jexlExpr : String | Jexl3Injection.java:69:9:69:39 | createExpression(...) | provenance | Config Sink:MaD:16 |
| Jexl3Injection.java:72:72:72:86 | jexlExpr : String | Jexl3Injection.java:75:29:75:36 | jexlExpr : String | provenance | |
| Jexl3Injection.java:75:29:75:36 | jexlExpr : String | Jexl3Injection.java:75:9:75:37 | createTemplate(...) | provenance | Config Sink:MaD:17 |
| Jexl3Injection.java:78:54:78:68 | jexlExpr : String | Jexl3Injection.java:80:50:80:57 | jexlExpr : String | provenance | |
| Jexl3Injection.java:80:28:80:58 | createExpression(...) : JexlExpression | Jexl3Injection.java:84:13:84:13 | e | provenance | Sink:MaD:11 |
| Jexl3Injection.java:80:50:80:57 | jexlExpr : String | Jexl3Injection.java:80:28:80:58 | createExpression(...) : JexlExpression | provenance | Config |
| Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | Jexl3Injection.java:94:54:94:58 | bytes [post update] : byte[] | provenance | Src:MaD:18 MaD:19 |
| Jexl3Injection.java:94:54:94:58 | bytes [post update] : byte[] | Jexl3Injection.java:95:46:95:50 | bytes : byte[] | provenance | |
| Jexl3Injection.java:95:35:95:57 | new String(...) : String | Jexl3Injection.java:96:31:96:38 | jexlExpr : String | provenance | |
| Jexl3Injection.java:95:46:95:50 | bytes : byte[] | Jexl3Injection.java:95:35:95:57 | new String(...) : String | provenance | MaD:20 |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:104:24:104:56 | jexlExpr : String | provenance | |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:108:24:108:68 | jexlExpr : String | provenance | |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:112:24:112:52 | jexlExpr : String | provenance | |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:116:24:116:63 | jexlExpr : String | provenance | |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:120:24:120:70 | jexlExpr : String | provenance | |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:124:24:124:70 | jexlExpr : String | provenance | |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:128:24:128:87 | jexlExpr : String | provenance | |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:132:24:132:86 | jexlExpr : String | provenance | |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:136:24:136:85 | jexlExpr : String | provenance | |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | Jexl3Injection.java:140:24:140:67 | jexlExpr : String | provenance | |
| Jexl3Injection.java:104:24:104:56 | jexlExpr : String | Jexl3Injection.java:17:43:17:57 | jexlExpr : String | provenance | |
| Jexl3Injection.java:104:24:104:56 | jexlExpr : String | Jexl3Injection.java:104:24:104:56 | jexlExpr : String | provenance | |
| Jexl3Injection.java:108:24:108:68 | jexlExpr : String | Jexl3Injection.java:24:55:24:69 | jexlExpr : String | provenance | |
| Jexl3Injection.java:108:24:108:68 | jexlExpr : String | Jexl3Injection.java:108:24:108:68 | jexlExpr : String | provenance | |
| Jexl3Injection.java:112:24:112:52 | jexlExpr : String | Jexl3Injection.java:31:39:31:53 | jexlExpr : String | provenance | |
| Jexl3Injection.java:112:24:112:52 | jexlExpr : String | Jexl3Injection.java:112:24:112:52 | jexlExpr : String | provenance | |
| Jexl3Injection.java:116:24:116:63 | jexlExpr : String | Jexl3Injection.java:38:50:38:64 | jexlExpr : String | provenance | |
| Jexl3Injection.java:116:24:116:63 | jexlExpr : String | Jexl3Injection.java:116:24:116:63 | jexlExpr : String | provenance | |
| Jexl3Injection.java:120:24:120:70 | jexlExpr : String | Jexl3Injection.java:50:57:50:71 | jexlExpr : String | provenance | |
| Jexl3Injection.java:120:24:120:70 | jexlExpr : String | Jexl3Injection.java:120:24:120:70 | jexlExpr : String | provenance | |
| Jexl3Injection.java:124:24:124:70 | jexlExpr : String | Jexl3Injection.java:55:57:55:71 | jexlExpr : String | provenance | |
| Jexl3Injection.java:124:24:124:70 | jexlExpr : String | Jexl3Injection.java:124:24:124:70 | jexlExpr : String | provenance | |
| Jexl3Injection.java:128:24:128:87 | jexlExpr : String | Jexl3Injection.java:60:74:60:88 | jexlExpr : String | provenance | |
| Jexl3Injection.java:128:24:128:87 | jexlExpr : String | Jexl3Injection.java:128:24:128:87 | jexlExpr : String | provenance | |
| Jexl3Injection.java:132:24:132:86 | jexlExpr : String | Jexl3Injection.java:66:73:66:87 | jexlExpr : String | provenance | |
| Jexl3Injection.java:132:24:132:86 | jexlExpr : String | Jexl3Injection.java:132:24:132:86 | jexlExpr : String | provenance | |
| Jexl3Injection.java:136:24:136:85 | jexlExpr : String | Jexl3Injection.java:72:72:72:86 | jexlExpr : String | provenance | |
| Jexl3Injection.java:136:24:136:85 | jexlExpr : String | Jexl3Injection.java:136:24:136:85 | jexlExpr : String | provenance | |
| Jexl3Injection.java:140:24:140:67 | jexlExpr : String | Jexl3Injection.java:78:54:78:68 | jexlExpr : String | provenance | |
| Jexl3Injection.java:140:24:140:67 | jexlExpr : String | Jexl3Injection.java:140:24:140:67 | jexlExpr : String | provenance | |
| Jexl3Injection.java:144:85:144:109 | expr : String | Jexl3Injection.java:146:27:146:30 | expr : String | provenance | |
| Jexl3Injection.java:146:27:146:30 | expr : String | Jexl3Injection.java:17:43:17:57 | jexlExpr : String | provenance | |
| Jexl3Injection.java:151:84:151:105 | data : Data | Jexl3Injection.java:153:23:153:26 | data : Data | provenance | |
| Jexl3Injection.java:151:84:151:105 | data : Data | Jexl3Injection.java:154:27:154:30 | expr : String | provenance | SpringUntrustedDataType.getter |
| Jexl3Injection.java:153:23:153:26 | data : Data | Jexl3Injection.java:153:23:153:36 | getExpr(...) : String | provenance | entrypointFieldStep |
| Jexl3Injection.java:153:23:153:26 | data : Data | Jexl3Injection.java:190:23:190:29 | parameter this : Data | provenance | |
| Jexl3Injection.java:153:23:153:36 | getExpr(...) : String | Jexl3Injection.java:154:27:154:30 | expr : String | provenance | |
| Jexl3Injection.java:154:27:154:30 | expr : String | Jexl3Injection.java:17:43:17:57 | jexlExpr : String | provenance | |
| Jexl3Injection.java:161:13:161:52 | customRequest : CustomRequest | Jexl3Injection.java:163:23:163:35 | customRequest : CustomRequest | provenance | |
| Jexl3Injection.java:161:13:161:52 | customRequest : CustomRequest | Jexl3Injection.java:163:23:163:45 | getData(...) : Data | provenance | SpringUntrustedDataType.getter |
| Jexl3Injection.java:161:13:161:52 | customRequest : CustomRequest | Jexl3Injection.java:164:27:164:30 | expr : String | provenance | SpringUntrustedDataType.getter |
| Jexl3Injection.java:163:23:163:35 | customRequest : CustomRequest | Jexl3Injection.java:163:23:163:45 | getData(...) : Data | provenance | entrypointFieldStep |
| Jexl3Injection.java:163:23:163:35 | customRequest : CustomRequest | Jexl3Injection.java:177:21:177:27 | parameter this : CustomRequest | provenance | |
| Jexl3Injection.java:163:23:163:45 | getData(...) : Data | Jexl3Injection.java:163:23:163:55 | getExpr(...) : String | provenance | entrypointFieldStep |
| Jexl3Injection.java:163:23:163:45 | getData(...) : Data | Jexl3Injection.java:164:27:164:30 | expr : String | provenance | SpringUntrustedDataType.getter |
| Jexl3Injection.java:163:23:163:45 | getData(...) : Data | Jexl3Injection.java:190:23:190:29 | parameter this : Data | provenance | |
| Jexl3Injection.java:163:23:163:55 | getExpr(...) : String | Jexl3Injection.java:164:27:164:30 | expr : String | provenance | |
| Jexl3Injection.java:164:27:164:30 | expr : String | Jexl3Injection.java:17:43:17:57 | jexlExpr : String | provenance | |
| Jexl3Injection.java:177:21:177:27 | parameter this : CustomRequest | Jexl3Injection.java:178:20:178:23 | data : Data | provenance | entrypointFieldStep |
| Jexl3Injection.java:190:23:190:29 | parameter this : Data | Jexl3Injection.java:191:20:191:23 | expr : String | provenance | entrypointFieldStep |
models
| 1 | Sink: org.apache.commons.jexl2; Expression; false; evaluate; ; ; Argument[this]; jexl-injection; manual |
| 2 | Sink: org.apache.commons.jexl2; JexlEngine; false; getProperty; (Object,String); ; Argument[1]; jexl-injection; manual |
| 3 | Sink: org.apache.commons.jexl2; JexlEngine; false; setProperty; (Object,String,Object); ; Argument[1]; jexl-injection; manual |
| 4 | Sink: org.apache.commons.jexl2; Script; false; callable; ; ; Argument[this]; jexl-injection; manual |
| 5 | Sink: org.apache.commons.jexl2; Script; false; execute; ; ; Argument[this]; jexl-injection; manual |
| 6 | Sink: org.apache.commons.jexl2; UnifiedJEXL$Expression; false; evaluate; ; ; Argument[this]; jexl-injection; manual |
| 7 | Sink: org.apache.commons.jexl2; UnifiedJEXL$Expression; false; prepare; ; ; Argument[this]; jexl-injection; manual |
| 8 | Sink: org.apache.commons.jexl2; UnifiedJEXL$Template; false; evaluate; ; ; Argument[this]; jexl-injection; manual |
| 9 | Sink: org.apache.commons.jexl3; JexlEngine; false; getProperty; (Object,String); ; Argument[1]; jexl-injection; manual |
| 10 | Sink: org.apache.commons.jexl3; JexlEngine; false; setProperty; (Object,String,Object); ; Argument[1]; jexl-injection; manual |
| 11 | Sink: org.apache.commons.jexl3; JexlExpression; false; callable; ; ; Argument[this]; jexl-injection; manual |
| 12 | Sink: org.apache.commons.jexl3; JexlExpression; false; evaluate; ; ; Argument[this]; jexl-injection; manual |
| 13 | Sink: org.apache.commons.jexl3; JexlScript; false; callable; ; ; Argument[this]; jexl-injection; manual |
| 14 | Sink: org.apache.commons.jexl3; JexlScript; false; execute; ; ; Argument[this]; jexl-injection; manual |
| 15 | Sink: org.apache.commons.jexl3; JxltEngine$Expression; false; evaluate; ; ; Argument[this]; jexl-injection; manual |
| 16 | Sink: org.apache.commons.jexl3; JxltEngine$Expression; false; prepare; ; ; Argument[this]; jexl-injection; manual |
| 17 | Sink: org.apache.commons.jexl3; JxltEngine$Template; false; evaluate; ; ; Argument[this]; jexl-injection; manual |
| 18 | Source: java.net; Socket; false; getInputStream; (); ; ReturnValue; remote; manual |
| 19 | Summary: java.io; InputStream; true; read; (byte[]); ; Argument[this]; Argument[0]; taint; manual |
| 20 | Summary: java.lang; String; false; String; ; ; Argument[0]; Argument[this]; taint; manual |
nodes
| Jexl2Injection.java:10:43:10:57 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:12:24:12:54 | createExpression(...) : Expression | semmle.label | createExpression(...) : Expression |
| Jexl2Injection.java:12:46:12:53 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:14:9:14:9 | e | semmle.label | e |
| Jexl2Injection.java:17:55:17:69 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:19:24:19:86 | createExpression(...) : Expression | semmle.label | createExpression(...) : Expression |
| Jexl2Injection.java:19:46:19:53 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:21:9:21:9 | e | semmle.label | e |
| Jexl2Injection.java:24:39:24:53 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:26:25:26:51 | createScript(...) : Script | semmle.label | createScript(...) : Script |
| Jexl2Injection.java:26:43:26:50 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:28:9:28:14 | script | semmle.label | script |
| Jexl2Injection.java:31:50:31:64 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:33:25:33:51 | createScript(...) : Script | semmle.label | createScript(...) : Script |
| Jexl2Injection.java:33:43:33:50 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:37:13:37:18 | script | semmle.label | script |
| Jexl2Injection.java:43:57:43:71 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:45:40:45:47 | jexlExpr | semmle.label | jexlExpr |
| Jexl2Injection.java:48:57:48:71 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:50:40:50:47 | jexlExpr | semmle.label | jexlExpr |
| Jexl2Injection.java:53:73:53:87 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:56:9:56:35 | parse(...) | semmle.label | parse(...) |
| Jexl2Injection.java:56:27:56:34 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:59:72:59:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:62:9:62:35 | parse(...) | semmle.label | parse(...) |
| Jexl2Injection.java:62:27:62:34 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:65:73:65:87 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:68:9:68:44 | createTemplate(...) | semmle.label | createTemplate(...) |
| Jexl2Injection.java:68:36:68:43 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:75:25:75:47 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| Jexl2Injection.java:75:54:75:58 | bytes [post update] : byte[] | semmle.label | bytes [post update] : byte[] |
| Jexl2Injection.java:76:35:76:57 | new String(...) : String | semmle.label | new String(...) : String |
| Jexl2Injection.java:76:46:76:50 | bytes : byte[] | semmle.label | bytes : byte[] |
| Jexl2Injection.java:77:31:77:38 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:85:24:85:56 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:85:24:85:56 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:89:24:89:68 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:89:24:89:68 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:93:24:93:52 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:93:24:93:52 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:97:24:97:63 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:97:24:97:63 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:101:24:101:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:101:24:101:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:105:24:105:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:105:24:105:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:109:24:109:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:109:24:109:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:113:24:113:85 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:113:24:113:85 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:117:24:117:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:117:24:117:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:17:43:17:57 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:19:28:19:58 | createExpression(...) : JexlExpression | semmle.label | createExpression(...) : JexlExpression |
| Jexl3Injection.java:19:50:19:57 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:21:9:21:9 | e | semmle.label | e |
| Jexl3Injection.java:24:55:24:69 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:26:28:26:89 | createExpression(...) : JexlExpression | semmle.label | createExpression(...) : JexlExpression |
| Jexl3Injection.java:26:81:26:88 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:28:9:28:9 | e | semmle.label | e |
| Jexl3Injection.java:31:39:31:53 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:33:29:33:55 | createScript(...) : JexlScript | semmle.label | createScript(...) : JexlScript |
| Jexl3Injection.java:33:47:33:54 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:35:9:35:14 | script | semmle.label | script |
| Jexl3Injection.java:38:50:38:64 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:40:29:40:55 | createScript(...) : JexlScript | semmle.label | createScript(...) : JexlScript |
| Jexl3Injection.java:40:47:40:54 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:44:13:44:18 | script | semmle.label | script |
| Jexl3Injection.java:50:57:50:71 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:52:40:52:47 | jexlExpr | semmle.label | jexlExpr |
| Jexl3Injection.java:55:57:55:71 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:57:40:57:47 | jexlExpr | semmle.label | jexlExpr |
| Jexl3Injection.java:60:74:60:88 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:63:9:63:39 | createExpression(...) | semmle.label | createExpression(...) |
| Jexl3Injection.java:63:31:63:38 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:66:73:66:87 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:69:9:69:39 | createExpression(...) | semmle.label | createExpression(...) |
| Jexl3Injection.java:69:31:69:38 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:72:72:72:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:75:9:75:37 | createTemplate(...) | semmle.label | createTemplate(...) |
| Jexl3Injection.java:75:29:75:36 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:78:54:78:68 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:80:28:80:58 | createExpression(...) : JexlExpression | semmle.label | createExpression(...) : JexlExpression |
| Jexl3Injection.java:80:50:80:57 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:84:13:84:13 | e | semmle.label | e |
| Jexl3Injection.java:94:25:94:47 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| Jexl3Injection.java:94:54:94:58 | bytes [post update] : byte[] | semmle.label | bytes [post update] : byte[] |
| Jexl3Injection.java:95:35:95:57 | new String(...) : String | semmle.label | new String(...) : String |
| Jexl3Injection.java:95:46:95:50 | bytes : byte[] | semmle.label | bytes : byte[] |
| Jexl3Injection.java:96:31:96:38 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:104:24:104:56 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:104:24:104:56 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:108:24:108:68 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:108:24:108:68 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:112:24:112:52 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:112:24:112:52 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:116:24:116:63 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:116:24:116:63 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:120:24:120:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:120:24:120:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:124:24:124:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:124:24:124:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:128:24:128:87 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:128:24:128:87 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:132:24:132:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:132:24:132:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:136:24:136:85 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:136:24:136:85 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:140:24:140:67 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:140:24:140:67 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:144:85:144:109 | expr : String | semmle.label | expr : String |
| Jexl3Injection.java:146:27:146:30 | expr : String | semmle.label | expr : String |
| Jexl3Injection.java:151:84:151:105 | data : Data | semmle.label | data : Data |
| Jexl3Injection.java:153:23:153:26 | data : Data | semmle.label | data : Data |
| Jexl3Injection.java:153:23:153:36 | getExpr(...) : String | semmle.label | getExpr(...) : String |
| Jexl3Injection.java:154:27:154:30 | expr : String | semmle.label | expr : String |
| Jexl3Injection.java:161:13:161:52 | customRequest : CustomRequest | semmle.label | customRequest : CustomRequest |
| Jexl3Injection.java:163:23:163:35 | customRequest : CustomRequest | semmle.label | customRequest : CustomRequest |
| Jexl3Injection.java:163:23:163:45 | getData(...) : Data | semmle.label | getData(...) : Data |
| Jexl3Injection.java:163:23:163:55 | getExpr(...) : String | semmle.label | getExpr(...) : String |
| Jexl3Injection.java:164:27:164:30 | expr : String | semmle.label | expr : String |
| Jexl3Injection.java:177:21:177:27 | parameter this : CustomRequest | semmle.label | parameter this : CustomRequest |
| Jexl3Injection.java:178:20:178:23 | data : Data | semmle.label | data : Data |
| Jexl3Injection.java:190:23:190:29 | parameter this : Data | semmle.label | parameter this : Data |
| Jexl3Injection.java:191:20:191:23 | expr : String | semmle.label | expr : String |
subpaths
| Jexl3Injection.java:153:23:153:26 | data : Data | Jexl3Injection.java:190:23:190:29 | parameter this : Data | Jexl3Injection.java:191:20:191:23 | expr : String | Jexl3Injection.java:153:23:153:36 | getExpr(...) : String |
| Jexl3Injection.java:163:23:163:35 | customRequest : CustomRequest | Jexl3Injection.java:177:21:177:27 | parameter this : CustomRequest | Jexl3Injection.java:178:20:178:23 | data : Data | Jexl3Injection.java:163:23:163:45 | getData(...) : Data |
| Jexl3Injection.java:163:23:163:45 | getData(...) : Data | Jexl3Injection.java:190:23:190:29 | parameter this : Data | Jexl3Injection.java:191:20:191:23 | expr : String | Jexl3Injection.java:163:23:163:55 | getExpr(...) : String |


@@ -0,0 +1,4 @@
query: Security/CWE/CWE-094/JexlInjection.ql
postprocess:
- utils/test/PrettyPrintModels.ql
- utils/test/InlineExpectationsTestQuery.ql


@@ -0,0 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/validation-api-2.0.1.Final:${testdir}/../../../../stubs/springframework-5.8.x:${testdir}/../../../../stubs/apache-commons-jexl-2.1.1:${testdir}/../../../../stubs/apache-commons-jexl-3.1:${testdir}/../../../../stubs/apache-commons-logging-1.2:${testdir}/../../../../stubs/mvel2-2.4.7:${testdir}/../../../../stubs/groovy-all-3.0.7:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/scriptengine:${testdir}/../../../../stubs/jsr223-api:${testdir}/../../../../stubs/apache-freemarker-2.3.31:${testdir}/../../../../stubs/jinjava-2.6.0:${testdir}/../../../../stubs/pebble-3.1.5:${testdir}/../../../../stubs/thymeleaf-3.0.14:${testdir}/../../../../stubs/apache-velocity-2.3:${testdir}/../../../..//stubs/google-android-9.0.0
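Review bot: The final classpath entry on the added line carries a doubled separator, `${testdir}/../../../..//stubs/google-android-9.0.0`, whereas every other entry is written with a single `/` before `stubs`; javac tolerates the extra slash, but normalising it to `${testdir}/../../../../stubs/google-android-9.0.0` keeps the list consistent and avoids surprises if the path is ever compared literally. The list also pulls in stubs (mvel2, groovy, freemarker, jinjava, pebble, thymeleaf, velocity, android) that a JEXL-only test does not obviously need; if this line was copied from a broader expression-injection test, trimming it to the jexl-2.1.1 and jexl-3.1 stubs plus whatever the test sources actually import would make the test's real dependencies explicit. That trimming should be confirmed against the Jexl2Injection/Jexl3Injection sources before cutting, since only their class names, not their imports, are visible here.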


@@ -1,18 +0,0 @@
import java
import semmle.code.java.security.JexlInjectionQuery
import utils.test.InlineExpectationsTest
module JexlInjectionTest implements TestSig {
string getARelevantTag() { result = "hasJexlInjection" }
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "hasJexlInjection" and
exists(DataFlow::Node sink | JexlInjectionFlow::flowTo(sink) |
sink.getLocation() = location and
element = sink.toString() and
value = ""
)
}
}
import MakeTest<JexlInjectionTest>