hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add new Apache CXF models

Browse Source
This commit is contained in:
Tony Torralba
2023-08-23 10:46:57 +02:00
parent 50a9c31b4a
commit 2448bc8ce2
31 changed files with 866 additions and 275 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
java/ql/test/query-tests/security/CWE-117/LogInjectionTest.java
View File

@@ -3,6 +3,7 @@ import java.util.logging.LogRecord;
import java.util.regex.Pattern;
import com.google.common.flogger.LoggingApi;
import org.apache.commons.logging.Log;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.log4j.Category;
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.LogBuilder;
@@ -2122,5 +2123,21 @@ public class LogInjectionTest {
android.util.Log.e("", (String) source()); // $ hasTaintFlow
android.util.Log.wtf("", (String) source()); // $ hasTaintFlow
}
{
// @formatter:off
// "org.apache.cxf.common.logging;LogUtils;true;log;(Logger,Level,String);;Argument[2];log-injection;manual"
LogUtils.log(null, null, (String) source()); // $ hasTaintFlow
// "org.apache.cxf.common.logging;LogUtils;true;log;(Logger,Level,String,Object);;Argument[2];log-injection;manual"
LogUtils.log(null, null, (String) source(), (Object) null); // $ hasTaintFlow
// "org.apache.cxf.common.logging;LogUtils;true;log;(Logger,Level,String,Object[]);;Argument[2];log-injection;manual"
LogUtils.log(null, null, (String) source(), (Object[]) null); // $ hasTaintFlow
// "org.apache.cxf.common.logging;LogUtils;true;log;(Logger,Level,String,Throwable);;Argument[2];log-injection;manual"
LogUtils.log(null, null, (String) source(), (Throwable) null); // $ hasTaintFlow
// "org.apache.cxf.common.logging;LogUtils;true;log;(Logger,Level,String,Throwable,Object);;Argument[2];log-injection;manual"
LogUtils.log(null, null, (String) source(), (Throwable) null, (Object) null); // $ hasTaintFlow
// "org.apache.cxf.common.logging;LogUtils;true;log;(Logger,Level,String,Throwable,Object[]);;Argument[2];log-injection;manual"
LogUtils.log(null, null, (String) source(), (Throwable) null, (Object) null, (Object) null); // $ hasTaintFlow
// @formatter:on
}
}
}

2
java/ql/test/query-tests/security/CWE-117/options
View File

@@ -1 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-log4j-1.2.17:${testdir}/../../../stubs/apache-log4j-2.14.1:${testdir}/../../../stubs/apache-commons-logging-1.2:${testdir}/../../../stubs/jboss-logging-3.4.2:${testdir}/../../../stubs/slf4j-2.0.0:${testdir}/../../../stubs/scijava-common-2.87.1:${testdir}/../../../stubs/flogger-0.7.1:${testdir}/../../../stubs/google-android-9.0.0
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-log4j-1.2.17:${testdir}/../../../stubs/apache-log4j-2.14.1:${testdir}/../../../stubs/apache-commons-logging-1.2:${testdir}/../../../stubs/jboss-logging-3.4.2:${testdir}/../../../stubs/slf4j-2.0.0:${testdir}/../../../stubs/scijava-common-2.87.1:${testdir}/../../../stubs/flogger-0.7.1:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/apache-cxf