Java: copy out of experimental

2026-04-30 11:15:13 +02:00 · 2025-02-16 12:10:36 -05:00
parent 0d994c1527
commit 2ce5920c5e
8 changed files with 351 additions and 0 deletions
--- a/java/ql/test/query-tests/security/CWE-016/SpringBootActuators.expected
+++ b/java/ql/test/query-tests/security/CWE-016/SpringBootActuators.expected
@@ -0,0 +1,7 @@
+| SpringBootActuators.java:6:88:6:120 | permitAll(...) | Unauthenticated access to Spring Boot actuator is allowed. |
+| SpringBootActuators.java:10:5:10:137 | permitAll(...) | Unauthenticated access to Spring Boot actuator is allowed. |
+| SpringBootActuators.java:14:5:14:149 | permitAll(...) | Unauthenticated access to Spring Boot actuator is allowed. |
+| SpringBootActuators.java:18:5:18:101 | permitAll(...) | Unauthenticated access to Spring Boot actuator is allowed. |
+| SpringBootActuators.java:22:5:22:89 | permitAll(...) | Unauthenticated access to Spring Boot actuator is allowed. |
+| SpringBootActuators.java:26:40:26:108 | permitAll(...) | Unauthenticated access to Spring Boot actuator is allowed. |
+| SpringBootActuators.java:30:5:30:113 | permitAll(...) | Unauthenticated access to Spring Boot actuator is allowed. |
--- a/java/ql/test/query-tests/security/CWE-016/SpringBootActuators.java
+++ b/java/ql/test/query-tests/security/CWE-016/SpringBootActuators.java
@@ -0,0 +1,104 @@
+import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+
+public class SpringBootActuators {
+  protected void configure(HttpSecurity http) throws Exception {
+    http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests(requests -> requests.anyRequest().permitAll());
+  }
+
+  protected void configure2(HttpSecurity http) throws Exception {
+    http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll();
+  }
+
+  protected void configure3(HttpSecurity http) throws Exception {
+    http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll();
+  }
+
+  protected void configure4(HttpSecurity http) throws Exception {
+    http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests().anyRequest().permitAll();
+  }
+
+  protected void configure5(HttpSecurity http) throws Exception {
+    http.authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll();
+  }
+
+  protected void configure6(HttpSecurity http) throws Exception {
+    http.authorizeRequests(requests -> requests.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll());
+  }
+
+  protected void configure7(HttpSecurity http) throws Exception {
+    http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeRequests().anyRequest().permitAll();
+  }
+
+  protected void configureOk1(HttpSecurity http) throws Exception {
+    http.requestMatcher(EndpointRequest.toAnyEndpoint());
+  }
+
+  protected void configureOk2(HttpSecurity http) throws Exception {
+    http.requestMatchers().requestMatchers(EndpointRequest.toAnyEndpoint());
+  }
+
+  protected void configureOk3(HttpSecurity http) throws Exception {
+    http.authorizeRequests().anyRequest().permitAll();
+  }
+
+  protected void configureOk4(HttpSecurity http) throws Exception {
+    http.authorizeRequests(authz -> authz.anyRequest().permitAll());
+  }
+
+  protected void configureOkSafeEndpoints1(HttpSecurity http) throws Exception {
+    http.requestMatcher(EndpointRequest.to("health", "info")).authorizeRequests(requests -> requests.anyRequest().permitAll());
+  }
+
+  protected void configureOkSafeEndpoints2(HttpSecurity http) throws Exception {
+    http.requestMatcher(EndpointRequest.to("health")).authorizeRequests().requestMatchers(EndpointRequest.to("health")).permitAll();
+  }
+
+  protected void configureOkSafeEndpoints3(HttpSecurity http) throws Exception {
+    http.requestMatchers(matcher -> EndpointRequest.to("health", "info")).authorizeRequests().requestMatchers(EndpointRequest.to("health", "info")).permitAll();
+  }
+
+  protected void configureOkSafeEndpoints4(HttpSecurity http) throws Exception {
+    http.requestMatcher(EndpointRequest.to("health", "info")).authorizeRequests().anyRequest().permitAll();
+  }
+
+  protected void configureOkSafeEndpoints5(HttpSecurity http) throws Exception {
+    http.authorizeRequests().requestMatchers(EndpointRequest.to("health", "info")).permitAll();
+  }
+
+  protected void configureOkSafeEndpoints6(HttpSecurity http) throws Exception {
+    http.authorizeRequests(requests -> requests.requestMatchers(EndpointRequest.to("health", "info")).permitAll());
+  }
+
+  protected void configureOkSafeEndpoints7(HttpSecurity http) throws Exception {
+    http.requestMatchers(matcher -> EndpointRequest.to("health", "info")).authorizeRequests().anyRequest().permitAll();
+  }
+
+  protected void configureOkNoPermitAll1(HttpSecurity http) throws Exception {
+    http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests(requests -> requests.anyRequest());
+  }
+
+  protected void configureOkNoPermitAll2(HttpSecurity http) throws Exception {
+    http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint());
+  }
+
+  protected void configureOkNoPermitAll3(HttpSecurity http) throws Exception {
+    http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint());
+  }
+
+  protected void configureOkNoPermitAll4(HttpSecurity http) throws Exception {
+    http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests().anyRequest();
+  }
+
+  protected void configureOkNoPermitAll5(HttpSecurity http) throws Exception {
+    http.authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint());
+  }
+
+  protected void configureOkNoPermitAll6(HttpSecurity http) throws Exception {
+    http.authorizeRequests(requests -> requests.requestMatchers(EndpointRequest.toAnyEndpoint()));
+  }
+
+  protected void configureOkNoPermitAll7(HttpSecurity http) throws Exception {
+    http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeRequests().anyRequest();
+  }
+}
--- a/java/ql/test/query-tests/security/CWE-016/SpringBootActuators.qlref
+++ b/java/ql/test/query-tests/security/CWE-016/SpringBootActuators.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-016/SpringBootActuators.ql
--- a/java/ql/test/query-tests/security/CWE-016/options
+++ b/java/ql/test/query-tests/security/CWE-016/options
@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8
				`@@ -0,0 +1 @@`
				`experimental/Security/CWE/CWE-016/SpringBootActuators.ql`
				`@@ -0,0 +1 @@`
				`//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8`