Add safe example for dom4j

This commit is contained in:
Tony Torralba
2021-05-06 10:17:25 +02:00
parent 926fedb7fb
commit 76468559ba
5 changed files with 96 additions and 7 deletions


@@ -110,12 +110,12 @@ public class XPathInjectionTest {
String expression4 = "/users/user[@name=$user and @pass=$pass]";
xpath.setXPathVariableResolver(v -> {
switch (v.getLocalPart()) {
case "user":
return user;
case "pass":
return pass;
default:
throw new IllegalArgumentException();
case "user":
return user;
case "pass":
return pass;
default:
throw new IllegalArgumentException();
}
});
xpath.evaluate(expression4, doc, XPathConstants.BOOLEAN); // Safe
@@ -154,5 +154,13 @@ public class XPathInjectionTest {
Namespace namespace = new Namespace("prefix", "http://some.uri.io");
namespace.createPattern("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
namespace.createXPathFilter("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
org.jaxen.SimpleVariableContext svc = new org.jaxen.SimpleVariableContext();
svc.setVariableValue("user", user);
svc.setVariableValue("pass", pass);
String xpathString = "/users/user[@name=$user and @pass=$pass]";
org.dom4j.XPath safeXPath = document.createXPath(xpathString); // Safe
safeXPath.setVariableContext(svc);
safeXPath.selectSingleNode(document); // Safe
}
}
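Review bot: The safe dom4j example added at the end of this method only covers `createXPath`, while the two flagged unsafe calls just above it use `createPattern` and `createXPathFilter`, so the negative case for the query is narrower than its positive cases; if the filter API accepts a variable context, a matching `// Safe` filter example would confirm that the sink is the concatenated expression string rather than the method family. The `// Safe` markers on the `createXPath` and `selectSingleNode` lines would also read better with the reason stated, e.g. `// Safe: user and pass are bound through the VariableContext, never concatenated into the expression`. `org.dom4j.XPath` is spelled fully qualified, presumably to avoid a clash with the `javax.xml.xpath` `xpath` used earlier in this class, but `SimpleVariableContext` has no such conflict and could be imported; the import block and the start of the enclosing method are outside the hunk.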