Promote SSRF query to main query set

Chris Smowton
2021-03-23 15:53:34 +00:00
parent 6ca8d69b26
commit 487c1db6ed
22 changed files with 2 additions and 161 deletions


@@ -1 +0,0 @@
experimental/Security/CWE/CWE-918/RequestForgery.ql


@@ -1 +0,0 @@
//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../../stubs/apache-http-4.4.13/:${testdir}/../../../../stubs/servlet-api-2.4/


@@ -1,12 +0,0 @@
package javax.ws.rs.client;
public abstract interface Client extends javax.ws.rs.core.Configurable {
public abstract javax.ws.rs.client.WebTarget target(java.lang.String arg0);
public abstract javax.ws.rs.client.WebTarget target(java.net.URI arg0);
public abstract javax.ws.rs.client.WebTarget target(javax.ws.rs.core.UriBuilder arg0);
public abstract javax.ws.rs.client.WebTarget target(javax.ws.rs.core.Link arg0);
}


@@ -1,6 +0,0 @@
package javax.ws.rs.core;
public abstract interface Configurable<C extends javax.ws.rs.core.Configurable> {
public abstract javax.ws.rs.core.Configuration getConfiguration();
}


@@ -1,61 +0,0 @@
package javax.ws.rs.core;
public abstract class Link {
public static final java.lang.String TITLE = "title";
public static final java.lang.String REL = "rel";
public static final java.lang.String TYPE = "type";
public Link() {
}
public abstract java.net.URI getUri();
public abstract javax.ws.rs.core.UriBuilder getUriBuilder();
public abstract java.lang.String getRel();
public abstract java.util.List<java.lang.String> getRels();
public abstract java.lang.String getTitle();
public abstract java.lang.String getType();
public abstract java.util.Map<java.lang.String, java.lang.String> getParams();
public abstract java.lang.String toString();
public static javax.ws.rs.core.Link valueOf(java.lang.String value) {
return null;
}
// public static javax.ws.rs.core.Link.Builder fromUri(java.net.URI uri) {
// return null;
// }
// public static javax.ws.rs.core.Link.Builder fromUri(java.lang.String uri) {
// return null;
// }
// public static javax.ws.rs.core.Link.Builder fromUriBuilder(javax.ws.rs.core.UriBuilder uriBuilder) {
// return null;
// }
// public static javax.ws.rs.core.Link.Builder fromLink(javax.ws.rs.core.Link link) {
// return null;
// }
// public static javax.ws.rs.core.Link.Builder fromPath(java.lang.String path) {
// return null;
// }
// public static javax.ws.rs.core.Link.Builder fromResource(java.lang.Class<?> resource) {
// return null;
// }
// public static javax.ws.rs.core.Link.Builder fromMethod(java.lang.Class<?> resource, java.lang.String method) {
// return null;
// }
}


@@ -1,62 +0,0 @@
// Failed to get sources. Instead, stub sources have been generated by the disassembler.
// Implementation of methods is unavailable.
package javax.ws.rs.core;
public abstract class UriBuilder {
protected UriBuilder() {
}
protected static javax.ws.rs.core.UriBuilder newInstance() {
return null;
}
public static javax.ws.rs.core.UriBuilder fromUri(java.net.URI uri) {
return null;
}
public static javax.ws.rs.core.UriBuilder fromUri(java.lang.String uriTemplate) {
return null;
}
public static javax.ws.rs.core.UriBuilder fromLink(javax.ws.rs.core.Link link) {
return null;
}
public static javax.ws.rs.core.UriBuilder fromPath(java.lang.String path)
throws java.lang.IllegalArgumentException {
return null;
}
public static javax.ws.rs.core.UriBuilder fromResource(java.lang.Class<?> resource) {
return null;
}
public static javax.ws.rs.core.UriBuilder fromMethod(java.lang.Class<?> resource, java.lang.String method) {
return null;
}
public abstract javax.ws.rs.core.UriBuilder clone();
public abstract javax.ws.rs.core.UriBuilder uri(java.net.URI arg0);
public abstract javax.ws.rs.core.UriBuilder uri(java.lang.String arg0);
public abstract java.net.URI buildFromMap(java.util.Map<java.lang.String, ?> arg0);
public abstract java.net.URI buildFromMap(java.util.Map<java.lang.String, ?> arg0, boolean arg1)
throws java.lang.IllegalArgumentException, javax.ws.rs.core.UriBuilderException;
public abstract java.net.URI buildFromEncodedMap(java.util.Map<java.lang.String, ?> arg0)
throws java.lang.IllegalArgumentException, javax.ws.rs.core.UriBuilderException;
public abstract java.net.URI build(java.lang.Object... arg0)
throws java.lang.IllegalArgumentException, javax.ws.rs.core.UriBuilderException;
public abstract java.net.URI build(java.lang.Object[] arg0, boolean arg1)
throws java.lang.IllegalArgumentException, javax.ws.rs.core.UriBuilderException;
public abstract java.net.URI buildFromEncoded(java.lang.Object... arg0)
throws java.lang.IllegalArgumentException, javax.ws.rs.core.UriBuilderException;
}


@@ -1,18 +0,0 @@
package javax.ws.rs.core;
public class UriBuilderException extends java.lang.RuntimeException {
private static final long serialVersionUID = 956255913370721193L;
public UriBuilderException() {
}
public UriBuilderException(java.lang.String msg) {
}
public UriBuilderException(java.lang.String msg, java.lang.Throwable cause) {
}
public UriBuilderException(java.lang.Throwable cause) {
}
}


@@ -0,0 +1 @@
Security/CWE/CWE-918/RequestForgery.ql


@@ -0,0 +1 @@
//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/servlet-api-2.4/
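Review bot: The new classpath entry `${testdir}/../../../stubs/javax-ws-rs-api-2.1.1` depends on the shared stub directory already declaring every JAX-RS type the test sources use, and nothing visible on this page confirms that. The commit deletes the experimental copies of `Client`, `Configurable`, `Link`, `UriBuilder` and `UriBuilderException`, so those now have to come from the shared directory. If one is missing or has a narrower signature (for example, fewer `Client.target(...)` overloads), the test may fail to extract or, presumably, stop exercising some request-forgery sinks. It would help to say in the commit description that the shared stubs were checked against the deleted ones, and to confirm the expected-results file still lists the JAX-RS client cases.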