hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 02:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12446 from github/java/update-mad-decls-after-triage-2023-03-08T14-51-59

Browse Source 
Java: Update MaD Declarations after Triage
This commit is contained in:
Tony Torralba
2023-03-13 14:07:59 +01:00
committed by GitHub
parent 64f23ebb4d e834f9302e
commit 705691b096
617 changed files with 16297 additions and 680 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/test/query-tests/security/CWE-918/JdbcUrlSSRF.java
View File

@@ -20,7 +20,7 @@ public class JdbcUrlSSRF extends HttpServlet {
String jdbcUrl = request.getParameter("jdbcUrl");
Driver driver = new org.postgresql.Driver();
DataSourceBuilder dsBuilder = new DataSourceBuilder();
DataSourceBuilder dsBuilder = DataSourceBuilder.create();
try {
driver.connect(jdbcUrl, null); // $ SSRF

22
java/ql/test/query-tests/security/CWE-918/mad/Test.java Normal file
View File

@@ -0,0 +1,22 @@
import java.net.URL;
import javax.servlet.http.HttpServletRequest;
import javafx.scene.web.WebEngine;
import org.codehaus.cargo.container.installer.ZipURLInstaller;
public class Test {
public static Object source(HttpServletRequest request) {
return request.getParameter(null);
}
public void test(WebEngine webEngine) {
// "javafx.scene.web;WebEngine;false;load;(String);;Argument[0];open-url;ai-generated"
webEngine.load((String) source(null)); // $ SSRF
}
public void test() {
// "org.codehaus.cargo.container.installer;ZipURLInstaller;true;ZipURLInstaller;(URL,String,String);;Argument[0];open-url:ai-generated"
new ZipURLInstaller((URL) source(null), "", ""); // $ SSRF
}
}

2
java/ql/test/query-tests/security/CWE-918/options
View File

@@ -1,2 +1,2 @@
//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/servlet-api-2.4/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/
//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/servlet-api-2.4/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web