mirror of
https://github.com/github/codeql.git
synced 2025-12-24 04:36:35 +01:00
Modify ql
This commit is contained in:
haby0
@@ -24,28 +24,14 @@ class UnsafeDeserializationConfig extends TaintTracking::Configuration {
|
||||
|
||||
override predicate isAdditionalTaintStep(DataFlow::Node prod, DataFlow::Node succ) {
|
||||
exists(ClassInstanceExpr cie |
|
||||
cie.getConstructor().getDeclaringType() instanceof JsonReader and
|
||||
cie.getArgument(0) = prod.asExpr() and
|
||||
cie = succ.asExpr() and
|
||||
not exists(SafeJsonIo sji | sji.hasFlowToExpr(cie.getArgument(1)))
|
||||
(
|
||||
cie.getConstructor().getDeclaringType() instanceof JsonIoJsonReader or
|
||||
cie.getConstructor().getDeclaringType() instanceof YamlBeansReader or
|
||||
cie.getConstructor().getDeclaringType().getASupertype*() instanceof UnsafeHessianInput or
|
||||
cie.getConstructor().getDeclaringType() instanceof BurlapInput
|
||||
)
|
||||
or
|
||||
exists(ClassInstanceExpr cie |
|
||||
cie.getConstructor().getDeclaringType() instanceof YamlReader and
|
||||
cie.getArgument(0) = prod.asExpr() and
|
||||
cie = succ.asExpr()
|
||||
)
|
||||
or
|
||||
exists(ClassInstanceExpr cie |
|
||||
cie.getConstructor().getDeclaringType() instanceof UnSafeHessianInput and
|
||||
cie.getArgument(0) = prod.asExpr() and
|
||||
cie = succ.asExpr()
|
||||
)
|
||||
or
|
||||
exists(ClassInstanceExpr cie |
|
||||
cie.getConstructor().getDeclaringType() instanceof BurlapInput and
|
||||
cie.getArgument(0) = prod.asExpr() and
|
||||
cie = succ.asExpr()
|
||||
)
|
||||
or
|
||||
exists(MethodAccess ma |
|
||||
@@ -54,6 +40,20 @@ class UnsafeDeserializationConfig extends TaintTracking::Configuration {
|
||||
ma.getQualifier() = succ.asExpr()
|
||||
)
|
||||
}
|
||||
|
||||
override predicate isSanitizer(DataFlow::Node node) {
|
||||
exists(ClassInstanceExpr cie |
|
||||
cie.getConstructor().getDeclaringType() instanceof JsonIoJsonReader and
|
||||
cie = node.asExpr() and
|
||||
exists(SafeJsonIoConfig sji | sji.hasFlowToExpr(cie.getArgument(1)))
|
||||
)
|
||||
or
|
||||
exists(MethodAccess ma |
|
||||
ma.getMethod() instanceof JsonIoJsonToJavaMethod and
|
||||
ma.getArgument(0) = node.asExpr() and
|
||||
exists(SafeJsonIoConfig sji | sji.hasFlowToExpr(ma.getArgument(1)))
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
from DataFlow::PathNode source, DataFlow::PathNode sink, UnsafeDeserializationConfig conf
|
||||
|
||||
@@ -7,14 +7,14 @@ import java
|
||||
/**
|
||||
* The class `org.exolab.castor.xml.Unmarshaller`.
|
||||
*/
|
||||
class Unmarshaller extends RefType {
|
||||
Unmarshaller() { this.hasQualifiedName("org.exolab.castor.xml", "Unmarshaller") }
|
||||
class CastorUnmarshaller extends RefType {
|
||||
CastorUnmarshaller() { this.hasQualifiedName("org.exolab.castor.xml", "Unmarshaller") }
|
||||
}
|
||||
|
||||
/** A method with the name `unmarshal` declared in `org.exolab.castor.xml.Unmarshaller`. */
|
||||
class UnmarshalMethod extends Method {
|
||||
UnmarshalMethod() {
|
||||
this.getDeclaringType() instanceof Unmarshaller and
|
||||
this.getDeclaringType() instanceof CastorUnmarshaller and
|
||||
this.getName() = "unmarshal"
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,24 +1,26 @@
|
||||
/**
|
||||
* Provides classes and predicates for working with the Hession framework.
|
||||
* Provides classes and predicates for working with the HessianBurlap framework.
|
||||
*/
|
||||
|
||||
import java
|
||||
|
||||
/**
|
||||
* The class `com.caucho.hessian.io.HessianInput` or `com.caucho.hessian.io.Hessian2Input`.
|
||||
* The class `com.caucho.hessian.io.AbstractHessianInput` or `com.alibaba.com.caucho.hessian.io.Hessian2StreamingInput`.
|
||||
*/
|
||||
class UnSafeHessianInput extends RefType {
|
||||
UnSafeHessianInput() {
|
||||
this.hasQualifiedName("com.caucho.hessian.io", ["HessianInput", "Hessian2Input"])
|
||||
class UnsafeHessianInput extends RefType {
|
||||
UnsafeHessianInput() {
|
||||
this.hasQualifiedName(["com.caucho.hessian.io", "com.alibaba.com.caucho.hessian.io"],
|
||||
["AbstractHessianInput", "Hessian2StreamingInput"])
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A HessianInput readObject method. This is either `HessianInput.readObject` or `Hessian2Input.readObject`.
|
||||
* A AbstractHessianInput or Hessian2StreamingInput subclass readObject method.
|
||||
* This is either `AbstractHessianInput.readObject` or `Hessian2StreamingInput.readObject`.
|
||||
*/
|
||||
class UnSafeHessianInputReadObjectMethod extends Method {
|
||||
UnSafeHessianInputReadObjectMethod() {
|
||||
this.getDeclaringType() instanceof UnSafeHessianInput and
|
||||
class UnsafeHessianInputReadObjectMethod extends Method {
|
||||
UnsafeHessianInputReadObjectMethod() {
|
||||
this.getDeclaringType().getASupertype*() instanceof UnsafeHessianInput and
|
||||
this.getName() = "readObject"
|
||||
}
|
||||
}
|
||||
@@ -15,8 +15,8 @@ class JYaml extends RefType {
|
||||
* A JYaml unsafe load method. This is either `YAML.load` or
|
||||
* `YAML.loadType` or `YAML.loadStream` or `YAML.loadStreamOfType`.
|
||||
*/
|
||||
class JYamlUnSafeLoadMethod extends Method {
|
||||
JYamlUnSafeLoadMethod() {
|
||||
class JYamlUnsafeLoadMethod extends Method {
|
||||
JYamlUnsafeLoadMethod() {
|
||||
this.getDeclaringType() instanceof JYaml and
|
||||
this.getName() in ["load", "loadType", "loadStream", "loadStreamOfType"]
|
||||
}
|
||||
@@ -33,8 +33,8 @@ class JYamlConfig extends RefType {
|
||||
* A JYamlConfig unsafe load method. This is either `YamlConfig.load` or
|
||||
* `YAML.loadType` or `YamlConfig.loadStream` or `YamlConfig.loadStreamOfType`.
|
||||
*/
|
||||
class JYamlConfigUnSafeLoadMethod extends Method {
|
||||
JYamlConfigUnSafeLoadMethod() {
|
||||
class JYamlConfigUnsafeLoadMethod extends Method {
|
||||
JYamlConfigUnsafeLoadMethod() {
|
||||
this.getDeclaringType() instanceof JYamlConfig and
|
||||
this.getName() in ["load", "loadType", "loadStream", "loadStreamOfType"]
|
||||
}
|
||||
|
||||
@@ -4,18 +4,20 @@
|
||||
|
||||
import java
|
||||
import semmle.code.java.Maps
|
||||
import semmle.code.java.dataflow.DataFlow
|
||||
import semmle.code.java.dataflow.DataFlow2
|
||||
|
||||
/**
|
||||
* The class `com.cedarsoftware.util.io.JsonReader`.
|
||||
*/
|
||||
class JsonReader extends RefType {
|
||||
JsonReader() { this.hasQualifiedName("com.cedarsoftware.util.io", "JsonReader") }
|
||||
class JsonIoJsonReader extends RefType {
|
||||
JsonIoJsonReader() { this.hasQualifiedName("com.cedarsoftware.util.io", "JsonReader") }
|
||||
}
|
||||
|
||||
/** A method with the name `jsonToJava` declared in `com.cedarsoftware.util.io.JsonReader`. */
|
||||
class JsonIoJsonToJavaMethod extends Method {
|
||||
JsonIoJsonToJavaMethod() {
|
||||
this.getDeclaringType() instanceof JsonReader and
|
||||
this.getDeclaringType() instanceof JsonIoJsonReader and
|
||||
this.getName() = "jsonToJava"
|
||||
}
|
||||
}
|
||||
@@ -23,7 +25,7 @@ class JsonIoJsonToJavaMethod extends Method {
|
||||
/** A method with the name `readObject` declared in `com.cedarsoftware.util.io.JsonReader`. */
|
||||
class JsonIoReadObjectMethod extends Method {
|
||||
JsonIoReadObjectMethod() {
|
||||
this.getDeclaringType() instanceof JsonReader and
|
||||
this.getDeclaringType() instanceof JsonIoJsonReader and
|
||||
this.getName() = "readObject"
|
||||
}
|
||||
}
|
||||
@@ -39,3 +41,27 @@ class JsonIoSafeOptionalArgs extends MethodAccess {
|
||||
this.getArgument(1).(CompileTimeConstantExpr).getBooleanValue() = true
|
||||
}
|
||||
}
|
||||
|
||||
/** A data flow configuration tracing flow from JsonIo safe settings. */
|
||||
class SafeJsonIoConfig extends DataFlow2::Configuration {
|
||||
SafeJsonIoConfig() { this = "UnsafeDeserialization::SafeJsonIoConfig" }
|
||||
|
||||
override predicate isSource(DataFlow::Node src) {
|
||||
exists(MethodAccess ma |
|
||||
ma instanceof JsonIoSafeOptionalArgs and
|
||||
src.asExpr() = ma.getQualifier()
|
||||
)
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) {
|
||||
exists(MethodAccess ma |
|
||||
ma.getMethod() instanceof JsonIoJsonToJavaMethod and
|
||||
sink.asExpr() = ma.getArgument(1)
|
||||
)
|
||||
or
|
||||
exists(ClassInstanceExpr cie |
|
||||
cie.getConstructor().getDeclaringType() instanceof JsonIoJsonReader and
|
||||
sink.asExpr() = cie.getArgument(1)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -7,14 +7,14 @@ import java
|
||||
/**
|
||||
* The class `com.esotericsoftware.yamlbeans.YamlReader`.
|
||||
*/
|
||||
class YamlReader extends RefType {
|
||||
YamlReader() { this.hasQualifiedName("com.esotericsoftware.yamlbeans", "YamlReader") }
|
||||
class YamlBeansReader extends RefType {
|
||||
YamlBeansReader() { this.hasQualifiedName("com.esotericsoftware.yamlbeans", "YamlReader") }
|
||||
}
|
||||
|
||||
/** A method with the name `read` declared in `com.esotericsoftware.yamlbeans.YamlReader`. */
|
||||
class YamlReaderReadMethod extends Method {
|
||||
YamlReaderReadMethod() {
|
||||
this.getDeclaringType() instanceof YamlReader and
|
||||
class YamlBeansReaderReadMethod extends Method {
|
||||
YamlBeansReaderReadMethod() {
|
||||
this.getDeclaringType() instanceof YamlBeansReader and
|
||||
this.getName() = "read"
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5,7 +5,7 @@ import semmle.code.java.frameworks.FastJson
|
||||
import semmle.code.java.frameworks.JYaml
|
||||
import semmle.code.java.frameworks.JsonIo
|
||||
import semmle.code.java.frameworks.YamlBeans
|
||||
import semmle.code.java.frameworks.Hessian
|
||||
import semmle.code.java.frameworks.HessianBurlap
|
||||
import semmle.code.java.frameworks.Castor
|
||||
import semmle.code.java.frameworks.apache.Lang
|
||||
|
||||
@@ -55,29 +55,6 @@ class SafeKryo extends DataFlow2::Configuration {
|
||||
}
|
||||
}
|
||||
|
||||
class SafeJsonIo extends DataFlow2::Configuration {
|
||||
SafeJsonIo() { this = "UnsafeDeserialization::SafeJsonIo" }
|
||||
|
||||
override predicate isSource(DataFlow::Node src) {
|
||||
exists(MethodAccess ma |
|
||||
ma instanceof JsonIoSafeOptionalArgs and
|
||||
src.asExpr() = ma.getQualifier()
|
||||
)
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) {
|
||||
exists(MethodAccess ma |
|
||||
ma.getMethod() instanceof JsonIoJsonToJavaMethod and
|
||||
sink.asExpr() = ma.getArgument(1)
|
||||
)
|
||||
or
|
||||
exists(ClassInstanceExpr cie |
|
||||
cie.getConstructor().getDeclaringType() instanceof JsonReader and
|
||||
sink.asExpr() = cie.getArgument(1)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
predicate unsafeDeserialization(MethodAccess ma, Expr sink) {
|
||||
exists(Method m | m = ma.getMethod() |
|
||||
m instanceof ObjectInputStreamReadObjectMethod and
|
||||
@@ -110,22 +87,21 @@ predicate unsafeDeserialization(MethodAccess ma, Expr sink) {
|
||||
not fastJsonLooksSafe() and
|
||||
sink = ma.getArgument(0)
|
||||
or
|
||||
ma.getMethod() instanceof JYamlUnSafeLoadMethod and
|
||||
ma.getMethod() instanceof JYamlUnsafeLoadMethod and
|
||||
sink = ma.getArgument(0)
|
||||
or
|
||||
ma.getMethod() instanceof JYamlConfigUnSafeLoadMethod and
|
||||
ma.getMethod() instanceof JYamlConfigUnsafeLoadMethod and
|
||||
sink = ma.getArgument(0)
|
||||
or
|
||||
ma.getMethod() instanceof JsonIoJsonToJavaMethod and
|
||||
sink = ma.getArgument(0) and
|
||||
not exists(SafeJsonIo sji | sji.hasFlowToExpr(ma.getArgument(1)))
|
||||
sink = ma.getArgument(0)
|
||||
or
|
||||
ma.getMethod() instanceof JsonIoReadObjectMethod and
|
||||
sink = ma.getQualifier()
|
||||
or
|
||||
ma.getMethod() instanceof YamlReaderReadMethod and sink = ma.getQualifier()
|
||||
ma.getMethod() instanceof YamlBeansReaderReadMethod and sink = ma.getQualifier()
|
||||
or
|
||||
ma.getMethod() instanceof UnSafeHessianInputReadObjectMethod and sink = ma.getQualifier()
|
||||
ma.getMethod() instanceof UnsafeHessianInputReadObjectMethod and sink = ma.getQualifier()
|
||||
or
|
||||
ma.getMethod() instanceof UnmarshalMethod and sink = ma.getAnArgument()
|
||||
or
|
||||
|
||||
@@ -42,13 +42,8 @@ public class C {
|
||||
|
||||
JsonReader.jsonToJava(data); //bad
|
||||
|
||||
JsonReader.jsonToJava(data, hashMap); //good
|
||||
|
||||
JsonReader jr = new JsonReader(data, null); //bad
|
||||
jr.readObject();
|
||||
|
||||
JsonReader jr1 = new JsonReader(data, hashMap); //good
|
||||
jr1.readObject();
|
||||
}
|
||||
|
||||
@GetMapping(value = "yamlbeans")
|
||||
@@ -95,4 +90,25 @@ public class C {
|
||||
burlapInput1.init(is);
|
||||
burlapInput1.readObject(); //bad
|
||||
}
|
||||
|
||||
@GetMapping(value = "jsonio1")
|
||||
public void good1(HttpServletRequest request) {
|
||||
String data = request.getParameter("data");
|
||||
|
||||
HashMap hashMap = new HashMap();
|
||||
hashMap.put("USE_MAPS", true);
|
||||
|
||||
JsonReader.jsonToJava(data, hashMap); //good
|
||||
}
|
||||
|
||||
@GetMapping(value = "jsonio2")
|
||||
public void good2(HttpServletRequest request) {
|
||||
String data = request.getParameter("data");
|
||||
|
||||
HashMap hashMap = new HashMap();
|
||||
hashMap.put("USE_MAPS", true);
|
||||
|
||||
JsonReader jr1 = new JsonReader(data, hashMap); //good
|
||||
jr1.readObject();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -34,17 +34,17 @@ edges
|
||||
| C.java:23:17:23:44 | getParameter(...) : String | C.java:32:31:32:34 | data |
|
||||
| C.java:23:17:23:44 | getParameter(...) : String | C.java:33:23:33:26 | data |
|
||||
| C.java:38:17:38:44 | getParameter(...) : String | C.java:43:25:43:28 | data |
|
||||
| C.java:38:17:38:44 | getParameter(...) : String | C.java:48:3:48:4 | jr |
|
||||
| C.java:56:17:56:44 | getParameter(...) : String | C.java:58:3:58:3 | r |
|
||||
| C.java:56:17:56:44 | getParameter(...) : String | C.java:59:3:59:3 | r |
|
||||
| C.java:56:17:56:44 | getParameter(...) : String | C.java:60:3:60:3 | r |
|
||||
| C.java:65:18:65:45 | getParameter(...) : String | C.java:68:3:68:14 | hessianInput |
|
||||
| C.java:65:18:65:45 | getParameter(...) : String | C.java:69:3:69:14 | hessianInput |
|
||||
| C.java:74:18:74:45 | getParameter(...) : String | C.java:77:3:77:14 | hessianInput |
|
||||
| C.java:74:18:74:45 | getParameter(...) : String | C.java:78:3:78:14 | hessianInput |
|
||||
| C.java:84:43:84:70 | getParameter(...) : String | C.java:84:26:84:71 | new StringReader(...) |
|
||||
| C.java:89:27:89:54 | getParameter(...) : String | C.java:92:3:92:13 | burlapInput |
|
||||
| C.java:89:27:89:54 | getParameter(...) : String | C.java:96:3:96:14 | burlapInput1 |
|
||||
| C.java:38:17:38:44 | getParameter(...) : String | C.java:46:3:46:4 | jr |
|
||||
| C.java:51:17:51:44 | getParameter(...) : String | C.java:53:3:53:3 | r |
|
||||
| C.java:51:17:51:44 | getParameter(...) : String | C.java:54:3:54:3 | r |
|
||||
| C.java:51:17:51:44 | getParameter(...) : String | C.java:55:3:55:3 | r |
|
||||
| C.java:60:18:60:45 | getParameter(...) : String | C.java:63:3:63:14 | hessianInput |
|
||||
| C.java:60:18:60:45 | getParameter(...) : String | C.java:64:3:64:14 | hessianInput |
|
||||
| C.java:69:18:69:45 | getParameter(...) : String | C.java:72:3:72:14 | hessianInput |
|
||||
| C.java:69:18:69:45 | getParameter(...) : String | C.java:73:3:73:14 | hessianInput |
|
||||
| C.java:79:43:79:70 | getParameter(...) : String | C.java:79:26:79:71 | new StringReader(...) |
|
||||
| C.java:84:27:84:54 | getParameter(...) : String | C.java:87:3:87:13 | burlapInput |
|
||||
| C.java:84:27:84:54 | getParameter(...) : String | C.java:91:3:91:14 | burlapInput1 |
|
||||
| TestMessageBodyReader.java:20:55:20:78 | entityStream : InputStream | TestMessageBodyReader.java:22:18:22:52 | new ObjectInputStream(...) |
|
||||
nodes
|
||||
| A.java:13:31:13:51 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
|
||||
@@ -96,22 +96,22 @@ nodes
|
||||
| C.java:33:23:33:26 | data | semmle.label | data |
|
||||
| C.java:38:17:38:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| C.java:43:25:43:28 | data | semmle.label | data |
|
||||
| C.java:48:3:48:4 | jr | semmle.label | jr |
|
||||
| C.java:56:17:56:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| C.java:58:3:58:3 | r | semmle.label | r |
|
||||
| C.java:59:3:59:3 | r | semmle.label | r |
|
||||
| C.java:60:3:60:3 | r | semmle.label | r |
|
||||
| C.java:65:18:65:45 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| C.java:68:3:68:14 | hessianInput | semmle.label | hessianInput |
|
||||
| C.java:69:3:69:14 | hessianInput | semmle.label | hessianInput |
|
||||
| C.java:74:18:74:45 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| C.java:77:3:77:14 | hessianInput | semmle.label | hessianInput |
|
||||
| C.java:78:3:78:14 | hessianInput | semmle.label | hessianInput |
|
||||
| C.java:84:26:84:71 | new StringReader(...) | semmle.label | new StringReader(...) |
|
||||
| C.java:84:43:84:70 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| C.java:89:27:89:54 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| C.java:92:3:92:13 | burlapInput | semmle.label | burlapInput |
|
||||
| C.java:96:3:96:14 | burlapInput1 | semmle.label | burlapInput1 |
|
||||
| C.java:46:3:46:4 | jr | semmle.label | jr |
|
||||
| C.java:51:17:51:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| C.java:53:3:53:3 | r | semmle.label | r |
|
||||
| C.java:54:3:54:3 | r | semmle.label | r |
|
||||
| C.java:55:3:55:3 | r | semmle.label | r |
|
||||
| C.java:60:18:60:45 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| C.java:63:3:63:14 | hessianInput | semmle.label | hessianInput |
|
||||
| C.java:64:3:64:14 | hessianInput | semmle.label | hessianInput |
|
||||
| C.java:69:18:69:45 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| C.java:72:3:72:14 | hessianInput | semmle.label | hessianInput |
|
||||
| C.java:73:3:73:14 | hessianInput | semmle.label | hessianInput |
|
||||
| C.java:79:26:79:71 | new StringReader(...) | semmle.label | new StringReader(...) |
|
||||
| C.java:79:43:79:70 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| C.java:84:27:84:54 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| C.java:87:3:87:13 | burlapInput | semmle.label | burlapInput |
|
||||
| C.java:91:3:91:14 | burlapInput1 | semmle.label | burlapInput1 |
|
||||
| TestMessageBodyReader.java:20:55:20:78 | entityStream : InputStream | semmle.label | entityStream : InputStream |
|
||||
| TestMessageBodyReader.java:22:18:22:52 | new ObjectInputStream(...) | semmle.label | new ObjectInputStream(...) |
|
||||
#select
|
||||
@@ -150,15 +150,15 @@ nodes
|
||||
| C.java:32:3:32:49 | loadStreamOfType(...) | C.java:23:17:23:44 | getParameter(...) : String | C.java:32:31:32:34 | data | Unsafe deserialization of $@. | C.java:23:17:23:44 | getParameter(...) | user input |
|
||||
| C.java:33:3:33:41 | loadType(...) | C.java:23:17:23:44 | getParameter(...) : String | C.java:33:23:33:26 | data | Unsafe deserialization of $@. | C.java:23:17:23:44 | getParameter(...) | user input |
|
||||
| C.java:43:3:43:29 | jsonToJava(...) | C.java:38:17:38:44 | getParameter(...) : String | C.java:43:25:43:28 | data | Unsafe deserialization of $@. | C.java:38:17:38:44 | getParameter(...) | user input |
|
||||
| C.java:48:3:48:17 | readObject(...) | C.java:38:17:38:44 | getParameter(...) : String | C.java:48:3:48:4 | jr | Unsafe deserialization of $@. | C.java:38:17:38:44 | getParameter(...) | user input |
|
||||
| C.java:58:3:58:10 | read(...) | C.java:56:17:56:44 | getParameter(...) : String | C.java:58:3:58:3 | r | Unsafe deserialization of $@. | C.java:56:17:56:44 | getParameter(...) | user input |
|
||||
| C.java:59:3:59:22 | read(...) | C.java:56:17:56:44 | getParameter(...) : String | C.java:59:3:59:3 | r | Unsafe deserialization of $@. | C.java:56:17:56:44 | getParameter(...) | user input |
|
||||
| C.java:60:3:60:36 | read(...) | C.java:56:17:56:44 | getParameter(...) : String | C.java:60:3:60:3 | r | Unsafe deserialization of $@. | C.java:56:17:56:44 | getParameter(...) | user input |
|
||||
| C.java:68:3:68:27 | readObject(...) | C.java:65:18:65:45 | getParameter(...) : String | C.java:68:3:68:14 | hessianInput | Unsafe deserialization of $@. | C.java:65:18:65:45 | getParameter(...) | user input |
|
||||
| C.java:69:3:69:39 | readObject(...) | C.java:65:18:65:45 | getParameter(...) : String | C.java:69:3:69:14 | hessianInput | Unsafe deserialization of $@. | C.java:65:18:65:45 | getParameter(...) | user input |
|
||||
| C.java:77:3:77:27 | readObject(...) | C.java:74:18:74:45 | getParameter(...) : String | C.java:77:3:77:14 | hessianInput | Unsafe deserialization of $@. | C.java:74:18:74:45 | getParameter(...) | user input |
|
||||
| C.java:78:3:78:39 | readObject(...) | C.java:74:18:74:45 | getParameter(...) : String | C.java:78:3:78:14 | hessianInput | Unsafe deserialization of $@. | C.java:74:18:74:45 | getParameter(...) | user input |
|
||||
| C.java:84:3:84:72 | unmarshal(...) | C.java:84:43:84:70 | getParameter(...) : String | C.java:84:26:84:71 | new StringReader(...) | Unsafe deserialization of $@. | C.java:84:43:84:70 | getParameter(...) | user input |
|
||||
| C.java:92:3:92:26 | readObject(...) | C.java:89:27:89:54 | getParameter(...) : String | C.java:92:3:92:13 | burlapInput | Unsafe deserialization of $@. | C.java:89:27:89:54 | getParameter(...) | user input |
|
||||
| C.java:96:3:96:27 | readObject(...) | C.java:89:27:89:54 | getParameter(...) : String | C.java:96:3:96:14 | burlapInput1 | Unsafe deserialization of $@. | C.java:89:27:89:54 | getParameter(...) | user input |
|
||||
| C.java:46:3:46:17 | readObject(...) | C.java:38:17:38:44 | getParameter(...) : String | C.java:46:3:46:4 | jr | Unsafe deserialization of $@. | C.java:38:17:38:44 | getParameter(...) | user input |
|
||||
| C.java:53:3:53:10 | read(...) | C.java:51:17:51:44 | getParameter(...) : String | C.java:53:3:53:3 | r | Unsafe deserialization of $@. | C.java:51:17:51:44 | getParameter(...) | user input |
|
||||
| C.java:54:3:54:22 | read(...) | C.java:51:17:51:44 | getParameter(...) : String | C.java:54:3:54:3 | r | Unsafe deserialization of $@. | C.java:51:17:51:44 | getParameter(...) | user input |
|
||||
| C.java:55:3:55:36 | read(...) | C.java:51:17:51:44 | getParameter(...) : String | C.java:55:3:55:3 | r | Unsafe deserialization of $@. | C.java:51:17:51:44 | getParameter(...) | user input |
|
||||
| C.java:63:3:63:27 | readObject(...) | C.java:60:18:60:45 | getParameter(...) : String | C.java:63:3:63:14 | hessianInput | Unsafe deserialization of $@. | C.java:60:18:60:45 | getParameter(...) | user input |
|
||||
| C.java:64:3:64:39 | readObject(...) | C.java:60:18:60:45 | getParameter(...) : String | C.java:64:3:64:14 | hessianInput | Unsafe deserialization of $@. | C.java:60:18:60:45 | getParameter(...) | user input |
|
||||
| C.java:72:3:72:27 | readObject(...) | C.java:69:18:69:45 | getParameter(...) : String | C.java:72:3:72:14 | hessianInput | Unsafe deserialization of $@. | C.java:69:18:69:45 | getParameter(...) | user input |
|
||||
| C.java:73:3:73:39 | readObject(...) | C.java:69:18:69:45 | getParameter(...) : String | C.java:73:3:73:14 | hessianInput | Unsafe deserialization of $@. | C.java:69:18:69:45 | getParameter(...) | user input |
|
||||
| C.java:79:3:79:72 | unmarshal(...) | C.java:79:43:79:70 | getParameter(...) : String | C.java:79:26:79:71 | new StringReader(...) | Unsafe deserialization of $@. | C.java:79:43:79:70 | getParameter(...) | user input |
|
||||
| C.java:87:3:87:26 | readObject(...) | C.java:84:27:84:54 | getParameter(...) : String | C.java:87:3:87:13 | burlapInput | Unsafe deserialization of $@. | C.java:84:27:84:54 | getParameter(...) | user input |
|
||||
| C.java:91:3:91:27 | readObject(...) | C.java:84:27:84:54 | getParameter(...) : String | C.java:91:3:91:14 | burlapInput1 | Unsafe deserialization of $@. | C.java:84:27:84:54 | getParameter(...) | user input |
|
||||
| TestMessageBodyReader.java:22:18:22:65 | readObject(...) | TestMessageBodyReader.java:20:55:20:78 | entityStream : InputStream | TestMessageBodyReader.java:22:18:22:52 | new ObjectInputStream(...) | Unsafe deserialization of $@. | TestMessageBodyReader.java:20:55:20:78 | entityStream | user input |
|
||||
|
||||
Reference in New Issue
Block a user