hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Tainting the freemarker dataModel isn't exploitable

Browse Source
This commit is contained in:
Tony Torralba
2022-09-12 14:22:06 +02:00
parent dd6257c757
commit 79a32f1a3e
2 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/test/query-tests/security/CWE-094/FreemarkerSSTI.java
View File

@@ -104,14 +104,14 @@ public class FreemarkerSSTI {
stringLoader.putTemplate("myTemplate", code, 0); // $hasTemplateInjection
}
@GetMapping(value = "bad10")
public void bad10(HttpServletRequest request) {
@GetMapping(value = "good1")
public void good1(HttpServletRequest request) {
HashMap<Object, Object> root = new HashMap();
String code = request.getParameter("code");
root.put("code", code);
Configuration cfg = new Configuration();
Template temp = cfg.getTemplate("test.ftlh");
OutputStreamWriter out = new OutputStreamWriter(System.out);
temp.process(root, out); // $hasTemplateInjection
temp.process(root, out); // Safe
}
}