add request forgery query

2026-04-27 01:35:13 +02:00 · 2020-05-11 01:21:38 +05:30
parent 1e048d8045
commit 38de9b6433
54 changed files with 1771 additions and 26 deletions
--- a/java/ql/test/library-tests/frameworks/javase/Uri.java
+++ b/java/ql/test/library-tests/frameworks/javase/Uri.java
@@ -0,0 +1,59 @@
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.Proxy;
+import java.net.SocketAddress;
+import java.net.URI;
+import java.net.URL;
+import java.net.URLConnection;
+import java.net.URLStreamHandler;
+import java.net.Proxy.Type;
+
+public class Uri {
+    public static void main(String[] args) throws Exception {
+        // URI(String str)
+        URI uri = new URI("uri1");
+
+        // URI(String scheme, String ssp, String fragment)
+        URI ur2 = new URI("http", "ssp", "fragement");
+
+        // URI(String scheme, String userInfo, String host, int port, String path,
+        // String query, String fragment)
+        URI uri3 = new URI("http", "userinfo", "host", 1, "path", "query", "fragment");
+        // URI(String scheme, String host, String path, String fragment)
+        URI uri4 = new URI("http", "host", "path", "fragment");
+        // URI(String scheme, String authority, String path, String query, String
+        // fragment)
+        URI uri5 = new URI("http", "authority", "path", "query", "fragment");
+
+        // URI.create(String str)
+        URI uri6 = URI.create("http://foo.com/");
+
+        // URL(String spec)
+        URL url1 = new URL("spec");
+        // URL(String protocol, String host, int port, String file)
+        URL url2 = new URL("http", "host", 1, "file");
+        // URL(String protocol, String host, String file)
+        URL url3 = new URL("http", "host", "file");
+        // URL(URL context, String spec)
+        URL url4 = new URL(url3, "http");
+        // URL(String protocol, String host, int port, String file, URLStreamHandler
+        // handler)
+        URL url5 = new URL("http", "host", 1, "file", new Helper());
+
+        // URL(URL context, String spec, URLStreamHandler handler)
+        URL url6 = new URL(url3, "spec", new Helper());
+
+        URLConnection c1 = url1.openConnection();
+        SocketAddress sa = new SocketAddress() {
+        };
+        URLConnection c2 = url1.openConnection(new Proxy(Type.HTTP, sa));
+        InputStream c3 = url1.openStream();
+    }
+}
+
+class Helper extends URLStreamHandler {
+    @Override
+    protected URLConnection openConnection(URL arg0) throws IOException {
+        return null;
+    }
+}
--- a/java/ql/test/library-tests/frameworks/javase/openConnection.expected
+++ b/java/ql/test/library-tests/frameworks/javase/openConnection.expected
@@ -0,0 +1,2 @@
+| Uri.java:46:28:46:48 | openConnection(...) |
+| Uri.java:49:28:49:72 | openConnection(...) |
--- a/java/ql/test/library-tests/frameworks/javase/openConnection.ql
+++ b/java/ql/test/library-tests/frameworks/javase/openConnection.ql
@@ -0,0 +1,5 @@
+import java
+import semmle.code.java.frameworks.javase.URL
+
+from UrlOpenConnectionMethod m
+select m.getAReference()
--- a/java/ql/test/library-tests/frameworks/javase/openStream.expected
+++ b/java/ql/test/library-tests/frameworks/javase/openStream.expected
@@ -0,0 +1 @@
+| Uri.java:50:26:50:42 | openStream(...) |
--- a/java/ql/test/library-tests/frameworks/javase/openStream.ql
+++ b/java/ql/test/library-tests/frameworks/javase/openStream.ql
@@ -0,0 +1,5 @@
+import java
+import semmle.code.java.frameworks.javase.URL
+
+from UrlOpenStreamMethod m
+select m.getAReference()
--- a/java/ql/test/library-tests/frameworks/javase/uri.expected
+++ b/java/ql/test/library-tests/frameworks/javase/uri.expected
@@ -0,0 +1,6 @@
+| Uri.java:14:19:14:33 | new URI(...) | Uri.java:14:27:14:32 | "uri1" |
+| Uri.java:17:19:17:53 | new URI(...) | Uri.java:17:35:17:39 | "ssp" |
+| Uri.java:21:20:21:86 | new URI(...) | Uri.java:21:48:21:53 | "host" |
+| Uri.java:23:20:23:62 | new URI(...) | Uri.java:23:36:23:41 | "host" |
+| Uri.java:26:20:26:76 | new URI(...) | Uri.java:26:36:26:46 | "authority" |
+| Uri.java:29:20:29:48 | create(...) | Uri.java:29:31:29:47 | "http://foo.com/" |
--- a/java/ql/test/library-tests/frameworks/javase/uri.ql
+++ b/java/ql/test/library-tests/frameworks/javase/uri.ql
@@ -0,0 +1,5 @@
+import java
+import semmle.code.java.frameworks.javase.URI
+
+from UriCreation c
+select c, c.hostArg()
--- a/java/ql/test/library-tests/frameworks/javase/url.expected
+++ b/java/ql/test/library-tests/frameworks/javase/url.expected
@@ -0,0 +1,4 @@
+| Uri.java:32:20:32:34 | new URL(...) | Uri.java:32:28:32:33 | "spec" |
+| Uri.java:34:20:34:53 | new URL(...) | Uri.java:34:36:34:41 | "host" |
+| Uri.java:36:20:36:50 | new URL(...) | Uri.java:36:36:36:41 | "host" |
+| Uri.java:41:20:41:67 | new URL(...) | Uri.java:41:36:41:41 | "host" |
--- a/java/ql/test/library-tests/frameworks/javase/url.ql
+++ b/java/ql/test/library-tests/frameworks/javase/url.ql
@@ -0,0 +1,5 @@
+import java
+import semmle.code.java.frameworks.javase.URL
+
+from UrlConstructor c
+select c, c.hostArg()