hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #13712 from pwntester/java/new_struts2_models

Browse Source 
[Java] New models for Struts2 framework
This commit is contained in:
Tony Torralba
2023-07-28 14:31:25 +02:00
committed by GitHub
parent 499bd970d3 c9fc5a54c7
commit 2dff0ce5b4
3 changed files with 6989 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/lib/change-notes/2023-07-12-add-models-for-struts2-framework.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
---
* Added models for the Struts 2 framework.

6904
java/ql/lib/ext/generated/struts2.model.yml Normal file
View File

File diff suppressed because it is too large Load Diff

80
java/ql/lib/ext/struts2.model.yml Normal file
View File

@@ -0,0 +1,80 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["com.opensymphony.xwork2.ognl", "OgnlValueStack", False, "setValue", "", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.ognl", "OgnlValueStack", False, "getValue", "", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.ognl", "OgnlValueStack", False, "setParameter", "", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.ognl", "OgnlValueStack", False, "trySetValue", "", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.ognl", "OgnlValueStack", False, "getValueUsingOgnl", "", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.ognl", "OgnlValueStack", False, "tryFindValue", "", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.ognl", "OgnlValueStack", False, "findValue", "", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.ognl", "OgnlValueStack", False, "findString", "", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.ognl", "OgnlValueStack", False, "tryFindValueWhenExpressionIsNotNull", "", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.ognl", "OgnlReflectionProvider", False, "getValue", "", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.ognl", "OgnlReflectionProvider", False, "setValue", "", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.ognl", "OgnlReflectionProvider", False, "setProperty", "", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.ognl", "OgnlReflectionProvider", False, "setProperties", "", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.ognl", "OgnlUtil", true, "setProperties", "(Map,Object)", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.ognl", "OgnlUtil", true, "setProperties", "(Map,Object,Map)", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.ognl", "OgnlUtil", true, "setProperties", "(Map,Object,Map,boolean)", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.ognl", "OgnlUtil", true, "setProperties", "(Map,Object,boolean)", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.ognl", "OgnlUtil", true, "setProperty", "(String,Object,Object,Map)", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.ognl", "OgnlUtil", true, "setProperty", "(String,Object,Object,Map,boolean)", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.util", "LocalizedTextUtil", False, "findText", "", "", "Argument[1]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.util", "LocalizedTextUtil", False, "findText", "", "", "Argument[3]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.util", "OgnlTextParser", False, "evaluate", "", "", "Argument[1]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.util", "TextParseUtil", true, "translateVariables", "(String,ValueStack)", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.util", "TextParseUtil", true, "translateVariables", "(String,ValueStack,ParsedValueEvaluator)", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.util", "TextParseUtil", true, "translateVariables", "(char,String,ValueStack)", "", "Argument[1]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.util", "TextParseUtil", true, "translateVariables", "(char,String,ValueStack,Class)", "", "Argument[1]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.util", "TextParseUtil", true, "translateVariables", "(char,String,ValueStack,Class,ParsedValueEvaluator)", "", "Argument[1]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.util", "TextParseUtil", true, "translateVariables", "(char,String,ValueStack,Class,ParsedValueEvaluator,int)", "", "Argument[1]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.util", "TextParseUtil", true, "translateVariables", "(char[],String,ValueStack,Class,ParsedValueEvaluator)", "", "Argument[1]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.util", "TextParseUtil", true, "translateVariables", "(char[],String,ValueStack,Class,ParsedValueEvaluator,int)", "", "Argument[1]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.util", "TextParseUtil", true, "translateVariablesCollection", "(String,ValueStack,boolean,ParsedValueEvaluator)", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.util", "TextParseUtil", true, "translateVariablesCollection", "(char[],String,ValueStack,boolean,ParsedValueEvaluator,int)", "", "Argument[1]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "ActionSupport", true, "getFormatted", "(String,String)", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "ActionSupport", true, "getFormatted", "(String,String)", "", "Argument[1]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String)", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,List)", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,List)", "", "Argument[1]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String)", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String)", "", "Argument[1]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List)", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List)", "", "Argument[1]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List)", "", "Argument[2]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List)", "", "Argument[this]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List,ValueStack)", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List,ValueStack)", "", "Argument[1]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List,ValueStack)", "", "Argument[2]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List,ValueStack)", "", "Argument[this]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String)", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String)", "", "Argument[1]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String)", "", "Argument[2]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[])", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[])", "", "Argument[1]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[])", "", "Argument[2]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[])", "", "Argument[this]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[],ValueStack)", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[],ValueStack)", "", "Argument[1]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[],ValueStack)", "", "Argument[2]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[],ValueStack)", "", "Argument[this]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String[])", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String[])", "", "Argument[1]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "hasKey", "(String)", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2", "TextProvider", true, "hasKey", "(String)", "", "Argument[this]", "ognl-injection", "manual"]
- ["org.apache.struts2.util", "StrutsUtil", true, "findString", "(String)", "", "Argument[0]", "ognl-injection", "manual"]
- ["org.apache.struts2.util", "StrutsUtil", true, "findValue", "(String,String)", "", "Argument[0]", "ognl-injection", "manual"]
- ["org.apache.struts2.util", "StrutsUtil", true, "getText", "(String)", "", "Argument[0]", "ognl-injection", "manual"]
- ["org.apache.struts2.util", "StrutsUtil", true, "isTrue", "(String)", "", "Argument[0]", "ognl-injection", "manual"]
- ["org.apache.struts2.util", "StrutsUtil", true, "makeSelectList", "(String,String,String,String)", "", "Argument[0]", "ognl-injection", "manual"]
- ["org.apache.struts2.util", "StrutsUtil", true, "makeSelectList", "(String,String,String,String)", "", "Argument[1]", "ognl-injection", "manual"]
- ["org.apache.struts2.util", "StrutsUtil", true, "makeSelectList", "(String,String,String,String)", "", "Argument[2]", "ognl-injection", "manual"]
- ["org.apache.struts2.util", "StrutsUtil", true, "makeSelectList", "(String,String,String,String)", "", "Argument[3]", "ognl-injection", "manual"]
- ["org.apache.struts2.util", "StrutsUtil", True, "translateVariables", "", "", "Argument[0]", "ognl-injection", "manual"]
- ["org.apache.struts2.views.jsp", "StrutsBodyTagSupport", False, "findPattern", "", "", "Argument[1]", "ognl-injection", "manual"]
- ["org.apache.struts2.views.jsp", "StrutsBodyTagSupport", False, "findString", "", "", "Argument[1]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.validator.validators", "ValidatorSupport", False, "parse", "", "", "Argument[0]", "ognl-injection", "manual"]
- ["com.opensymphony.xwork2.validator.validators", "ValidatorSupport", False, "getFieldValue", "", "", "Argument[0]", "ognl-injection", "manual"]