Java: Added a source and a taint step for JexlInjectionConfig

- Added TaintedSpringRequestBody source
- Added returningTaintedDataFromBean() taint step
- Added tests
This commit is contained in:
Artem Smotrakov
2021-01-17 22:28:42 +01:00
parent 99401f6e84
commit 7d2d27394b
9 changed files with 248 additions and 92 deletions


@@ -11,6 +11,7 @@ class JexlInjectionConfig extends TaintTracking::Configuration {
JexlInjectionConfig() { this = "JexlInjectionConfig" }
override predicate isSource(DataFlow::Node source) {
source instanceof TaintedSpringRequestBody or
source instanceof RemoteFlowSource or
source instanceof UserInput or
source instanceof EnvInput
@@ -22,7 +23,18 @@ class JexlInjectionConfig extends TaintTracking::Configuration {
creatingTaintedJexlExpression(node1, node2) or
creatingTaintedJexlTemplate(node1, node2) or
creatingTaintedJexlScript(node1, node2) or
creatingTaintedJexlCallable(node1, node2)
creatingTaintedJexlCallable(node1, node2) or
returningTaintedDataFromBean(node1, node2)
}
}
/**
* A data flow source for parameters that have
* a Spring framework annotation indicating remote user input from servlets.
*/
class TaintedSpringRequestBody extends DataFlow::Node {
TaintedSpringRequestBody() {
exists(SpringServletInputAnnotation a | this.asParameter().getAnAnnotation() = a)
}
}
@@ -119,6 +131,18 @@ predicate creatingTaintedJexlCallable(DataFlow::Node node1, DataFlow::Node node2
)
}
/**
* Holds if `node1` to `node2` is a dataflow step that returns data from
* a tainted bean by calling one of its getters.
*/
predicate returningTaintedDataFromBean(DataFlow::Node node1, DataFlow::Node node2) {
exists(MethodAccess ma, Method m | ma.getMethod() = m |
m instanceof GetterMethod and
ma.getQualifier() = node1.asExpr() and
ma = node2.asExpr()
)
}
/**
* Holds if `expr` is a call to one of the methods that execute a Jexl script.
*/
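Review bot: `returningTaintedDataFromBean` propagates taint from any tainted qualifier into the result of any `GetterMethod` call, not only getters of a request-body bean, so a tainted object anywhere in the program now taints every getter result read from it; that is presumably intended for `customRequest.getData().getExpr()`, but the docstring should say so, e.g. `Holds if node1 to node2 is a taint step that reads a field of a tainted bean through one of its getters (any getter, not only request-body beans).` The step is registered under `isAdditionalTaintStep`, so "dataflow step" in the comment is misleading; and since `GetterMethod` is presumably recognised from the method body, getters of library classes without source will not be matched — worth stating as a known limitation. The name `TaintedSpringRequestBody` is narrower than the definition, which matches every `SpringServletInputAnnotation` (the expected output lists the `@PathVariable` parameter as a source too); a name like `SpringServletInputParameterSource` would fit, and if `RemoteFlowSource` already covers such parameters in this library version the new source is redundant and should be dropped.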


@@ -4,6 +4,11 @@ import java.net.Socket;
import java.util.function.Consumer;
import org.apache.commons.jexl3.*;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
public class Jexl3Injection {
@@ -132,4 +137,58 @@ public class Jexl3Injection {
public static void testWithJexlExpressionCallable() throws Exception {
testWithSocket(Jexl3Injection::runJexlExpressionViaCallable);
}
@PostMapping("/request")
public ResponseEntity testWithSpringControllerThatEvaluatesJexlFromPathVariable(
@PathVariable String expr) {
runJexlExpression(expr);
return ResponseEntity.ok(HttpStatus.OK);
}
@PostMapping("/request")
public ResponseEntity testWithSpringControllerThatEvaluatesJexlFromRequestBody(
@RequestBody Data data) {
String expr = data.getExpr();
runJexlExpression(expr);
return ResponseEntity.ok(HttpStatus.OK);
}
@PostMapping("/request")
public ResponseEntity testWithSpringControllerThatEvaluatesJexlFromRequestBodyWithNestedObjects(
@RequestBody CustomRequest customRequest) {
String expr = customRequest.getData().getExpr();
runJexlExpression(expr);
return ResponseEntity.ok(HttpStatus.OK);
}
public static class CustomRequest {
private Data data;
CustomRequest(Data data) {
this.data = data;
}
public Data getData() {
return data;
}
}
public static class Data {
private String expr;
Data(String expr) {
this.expr = expr;
}
public String getExpr() {
return expr;
}
}
}
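Review bot: All three controller methods are mapped to `@PostMapping("/request")`, and the first declares `@PathVariable String expr` on a path with no `{expr}` template variable, so the fixture would not be a valid Spring controller (ambiguous mappings, unbound path variable); the query does not depend on it, but distinct, realistic mappings make the test read correctly: `@PostMapping("/request/{expr}")`, `@PostMapping("/request/body")`, `@PostMapping("/request/nested")`. `Data` and `CustomRequest` have only package-private constructors and no setters, so a real JSON binder could not populate them — fine for a stub, but a one-line comment such as `// Stub beans: exist only to exercise the getter taint step` would make that explicit. `runJexlExpression` and `testWithSocket` are defined outside this hunk.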


@@ -36,47 +36,53 @@ edges
| Jexl2Injection.java:114:24:114:85 | jexlExpr : String | Jexl2Injection.java:114:24:114:85 | jexlExpr : String |
| Jexl2Injection.java:118:24:118:86 | jexlExpr : String | Jexl2Injection.java:66:73:66:87 | jexlExpr : String |
| Jexl2Injection.java:118:24:118:86 | jexlExpr : String | Jexl2Injection.java:118:24:118:86 | jexlExpr : String |
| Jexl3Injection.java:10:43:10:57 | jexlExpr : String | Jexl3Injection.java:14:9:14:9 | e |
| Jexl3Injection.java:17:55:17:69 | jexlExpr : String | Jexl3Injection.java:21:9:21:9 | e |
| Jexl3Injection.java:24:39:24:53 | jexlExpr : String | Jexl3Injection.java:28:9:28:14 | script |
| Jexl3Injection.java:31:50:31:64 | jexlExpr : String | Jexl3Injection.java:37:13:37:31 | callable(...) |
| Jexl3Injection.java:43:57:43:71 | jexlExpr : String | Jexl3Injection.java:45:40:45:47 | jexlExpr |
| Jexl3Injection.java:15:43:15:57 | jexlExpr : String | Jexl3Injection.java:19:9:19:9 | e |
| Jexl3Injection.java:22:55:22:69 | jexlExpr : String | Jexl3Injection.java:26:9:26:9 | e |
| Jexl3Injection.java:29:39:29:53 | jexlExpr : String | Jexl3Injection.java:33:9:33:14 | script |
| Jexl3Injection.java:36:50:36:64 | jexlExpr : String | Jexl3Injection.java:42:13:42:31 | callable(...) |
| Jexl3Injection.java:48:57:48:71 | jexlExpr : String | Jexl3Injection.java:50:40:50:47 | jexlExpr |
| Jexl3Injection.java:53:74:53:88 | jexlExpr : String | Jexl3Injection.java:56:9:56:39 | createExpression(...) |
| Jexl3Injection.java:59:73:59:87 | jexlExpr : String | Jexl3Injection.java:62:9:62:39 | createExpression(...) |
| Jexl3Injection.java:65:72:65:86 | jexlExpr : String | Jexl3Injection.java:68:9:68:37 | createTemplate(...) |
| Jexl3Injection.java:71:54:71:68 | jexlExpr : String | Jexl3Injection.java:77:13:77:26 | callable(...) |
| Jexl3Injection.java:87:25:87:47 | getInputStream(...) : InputStream | Jexl3Injection.java:89:31:89:38 | jexlExpr : String |
| Jexl3Injection.java:89:31:89:38 | jexlExpr : String | Jexl3Injection.java:97:24:97:56 | jexlExpr : String |
| Jexl3Injection.java:89:31:89:38 | jexlExpr : String | Jexl3Injection.java:101:24:101:68 | jexlExpr : String |
| Jexl3Injection.java:89:31:89:38 | jexlExpr : String | Jexl3Injection.java:105:24:105:52 | jexlExpr : String |
| Jexl3Injection.java:89:31:89:38 | jexlExpr : String | Jexl3Injection.java:109:24:109:63 | jexlExpr : String |
| Jexl3Injection.java:89:31:89:38 | jexlExpr : String | Jexl3Injection.java:113:24:113:70 | jexlExpr : String |
| Jexl3Injection.java:89:31:89:38 | jexlExpr : String | Jexl3Injection.java:117:24:117:70 | jexlExpr : String |
| Jexl3Injection.java:89:31:89:38 | jexlExpr : String | Jexl3Injection.java:121:24:121:87 | jexlExpr : String |
| Jexl3Injection.java:89:31:89:38 | jexlExpr : String | Jexl3Injection.java:125:24:125:86 | jexlExpr : String |
| Jexl3Injection.java:89:31:89:38 | jexlExpr : String | Jexl3Injection.java:129:24:129:85 | jexlExpr : String |
| Jexl3Injection.java:89:31:89:38 | jexlExpr : String | Jexl3Injection.java:133:24:133:67 | jexlExpr : String |
| Jexl3Injection.java:97:24:97:56 | jexlExpr : String | Jexl3Injection.java:10:43:10:57 | jexlExpr : String |
| Jexl3Injection.java:97:24:97:56 | jexlExpr : String | Jexl3Injection.java:97:24:97:56 | jexlExpr : String |
| Jexl3Injection.java:101:24:101:68 | jexlExpr : String | Jexl3Injection.java:17:55:17:69 | jexlExpr : String |
| Jexl3Injection.java:101:24:101:68 | jexlExpr : String | Jexl3Injection.java:101:24:101:68 | jexlExpr : String |
| Jexl3Injection.java:105:24:105:52 | jexlExpr : String | Jexl3Injection.java:24:39:24:53 | jexlExpr : String |
| Jexl3Injection.java:105:24:105:52 | jexlExpr : String | Jexl3Injection.java:105:24:105:52 | jexlExpr : String |
| Jexl3Injection.java:109:24:109:63 | jexlExpr : String | Jexl3Injection.java:31:50:31:64 | jexlExpr : String |
| Jexl3Injection.java:109:24:109:63 | jexlExpr : String | Jexl3Injection.java:109:24:109:63 | jexlExpr : String |
| Jexl3Injection.java:113:24:113:70 | jexlExpr : String | Jexl3Injection.java:43:57:43:71 | jexlExpr : String |
| Jexl3Injection.java:113:24:113:70 | jexlExpr : String | Jexl3Injection.java:113:24:113:70 | jexlExpr : String |
| Jexl3Injection.java:117:24:117:70 | jexlExpr : String | Jexl3Injection.java:48:57:48:71 | jexlExpr : String |
| Jexl3Injection.java:117:24:117:70 | jexlExpr : String | Jexl3Injection.java:117:24:117:70 | jexlExpr : String |
| Jexl3Injection.java:121:24:121:87 | jexlExpr : String | Jexl3Injection.java:53:74:53:88 | jexlExpr : String |
| Jexl3Injection.java:121:24:121:87 | jexlExpr : String | Jexl3Injection.java:121:24:121:87 | jexlExpr : String |
| Jexl3Injection.java:125:24:125:86 | jexlExpr : String | Jexl3Injection.java:59:73:59:87 | jexlExpr : String |
| Jexl3Injection.java:125:24:125:86 | jexlExpr : String | Jexl3Injection.java:125:24:125:86 | jexlExpr : String |
| Jexl3Injection.java:129:24:129:85 | jexlExpr : String | Jexl3Injection.java:65:72:65:86 | jexlExpr : String |
| Jexl3Injection.java:129:24:129:85 | jexlExpr : String | Jexl3Injection.java:129:24:129:85 | jexlExpr : String |
| Jexl3Injection.java:133:24:133:67 | jexlExpr : String | Jexl3Injection.java:71:54:71:68 | jexlExpr : String |
| Jexl3Injection.java:133:24:133:67 | jexlExpr : String | Jexl3Injection.java:133:24:133:67 | jexlExpr : String |
| Jexl3Injection.java:53:57:53:71 | jexlExpr : String | Jexl3Injection.java:55:40:55:47 | jexlExpr |
| Jexl3Injection.java:58:74:58:88 | jexlExpr : String | Jexl3Injection.java:61:9:61:39 | createExpression(...) |
| Jexl3Injection.java:64:73:64:87 | jexlExpr : String | Jexl3Injection.java:67:9:67:39 | createExpression(...) |
| Jexl3Injection.java:70:72:70:86 | jexlExpr : String | Jexl3Injection.java:73:9:73:37 | createTemplate(...) |
| Jexl3Injection.java:76:54:76:68 | jexlExpr : String | Jexl3Injection.java:82:13:82:26 | callable(...) |
| Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:94:31:94:38 | jexlExpr : String |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:102:24:102:56 | jexlExpr : String |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:106:24:106:68 | jexlExpr : String |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:110:24:110:52 | jexlExpr : String |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:114:24:114:63 | jexlExpr : String |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:118:24:118:70 | jexlExpr : String |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:122:24:122:70 | jexlExpr : String |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:126:24:126:87 | jexlExpr : String |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:130:24:130:86 | jexlExpr : String |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:134:24:134:85 | jexlExpr : String |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | Jexl3Injection.java:138:24:138:67 | jexlExpr : String |
| Jexl3Injection.java:102:24:102:56 | jexlExpr : String | Jexl3Injection.java:15:43:15:57 | jexlExpr : String |
| Jexl3Injection.java:102:24:102:56 | jexlExpr : String | Jexl3Injection.java:102:24:102:56 | jexlExpr : String |
| Jexl3Injection.java:106:24:106:68 | jexlExpr : String | Jexl3Injection.java:22:55:22:69 | jexlExpr : String |
| Jexl3Injection.java:106:24:106:68 | jexlExpr : String | Jexl3Injection.java:106:24:106:68 | jexlExpr : String |
| Jexl3Injection.java:110:24:110:52 | jexlExpr : String | Jexl3Injection.java:29:39:29:53 | jexlExpr : String |
| Jexl3Injection.java:110:24:110:52 | jexlExpr : String | Jexl3Injection.java:110:24:110:52 | jexlExpr : String |
| Jexl3Injection.java:114:24:114:63 | jexlExpr : String | Jexl3Injection.java:36:50:36:64 | jexlExpr : String |
| Jexl3Injection.java:114:24:114:63 | jexlExpr : String | Jexl3Injection.java:114:24:114:63 | jexlExpr : String |
| Jexl3Injection.java:118:24:118:70 | jexlExpr : String | Jexl3Injection.java:48:57:48:71 | jexlExpr : String |
| Jexl3Injection.java:118:24:118:70 | jexlExpr : String | Jexl3Injection.java:118:24:118:70 | jexlExpr : String |
| Jexl3Injection.java:122:24:122:70 | jexlExpr : String | Jexl3Injection.java:53:57:53:71 | jexlExpr : String |
| Jexl3Injection.java:122:24:122:70 | jexlExpr : String | Jexl3Injection.java:122:24:122:70 | jexlExpr : String |
| Jexl3Injection.java:126:24:126:87 | jexlExpr : String | Jexl3Injection.java:58:74:58:88 | jexlExpr : String |
| Jexl3Injection.java:126:24:126:87 | jexlExpr : String | Jexl3Injection.java:126:24:126:87 | jexlExpr : String |
| Jexl3Injection.java:130:24:130:86 | jexlExpr : String | Jexl3Injection.java:64:73:64:87 | jexlExpr : String |
| Jexl3Injection.java:130:24:130:86 | jexlExpr : String | Jexl3Injection.java:130:24:130:86 | jexlExpr : String |
| Jexl3Injection.java:134:24:134:85 | jexlExpr : String | Jexl3Injection.java:70:72:70:86 | jexlExpr : String |
| Jexl3Injection.java:134:24:134:85 | jexlExpr : String | Jexl3Injection.java:134:24:134:85 | jexlExpr : String |
| Jexl3Injection.java:138:24:138:67 | jexlExpr : String | Jexl3Injection.java:76:54:76:68 | jexlExpr : String |
| Jexl3Injection.java:138:24:138:67 | jexlExpr : String | Jexl3Injection.java:138:24:138:67 | jexlExpr : String |
| Jexl3Injection.java:143:13:143:37 | expr : String | Jexl3Injection.java:145:27:145:30 | expr : String |
| Jexl3Injection.java:145:27:145:30 | expr : String | Jexl3Injection.java:15:43:15:57 | jexlExpr : String |
| Jexl3Injection.java:151:13:151:34 | data : Data | Jexl3Injection.java:154:27:154:30 | expr : String |
| Jexl3Injection.java:154:27:154:30 | expr : String | Jexl3Injection.java:15:43:15:57 | jexlExpr : String |
| Jexl3Injection.java:161:13:161:52 | customRequest : CustomRequest | Jexl3Injection.java:164:27:164:30 | expr : String |
| Jexl3Injection.java:164:27:164:30 | expr : String | Jexl3Injection.java:15:43:15:57 | jexlExpr : String |
nodes
| Jexl2Injection.java:10:43:10:57 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:14:9:14:9 | e | semmle.label | e |
@@ -116,48 +122,54 @@ nodes
| Jexl2Injection.java:114:24:114:85 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:118:24:118:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl2Injection.java:118:24:118:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:10:43:10:57 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:14:9:14:9 | e | semmle.label | e |
| Jexl3Injection.java:17:55:17:69 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:21:9:21:9 | e | semmle.label | e |
| Jexl3Injection.java:24:39:24:53 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:28:9:28:14 | script | semmle.label | script |
| Jexl3Injection.java:31:50:31:64 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:37:13:37:31 | callable(...) | semmle.label | callable(...) |
| Jexl3Injection.java:43:57:43:71 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:45:40:45:47 | jexlExpr | semmle.label | jexlExpr |
| Jexl3Injection.java:15:43:15:57 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:19:9:19:9 | e | semmle.label | e |
| Jexl3Injection.java:22:55:22:69 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:26:9:26:9 | e | semmle.label | e |
| Jexl3Injection.java:29:39:29:53 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:33:9:33:14 | script | semmle.label | script |
| Jexl3Injection.java:36:50:36:64 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:42:13:42:31 | callable(...) | semmle.label | callable(...) |
| Jexl3Injection.java:48:57:48:71 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:50:40:50:47 | jexlExpr | semmle.label | jexlExpr |
| Jexl3Injection.java:53:74:53:88 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:56:9:56:39 | createExpression(...) | semmle.label | createExpression(...) |
| Jexl3Injection.java:59:73:59:87 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:62:9:62:39 | createExpression(...) | semmle.label | createExpression(...) |
| Jexl3Injection.java:65:72:65:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:68:9:68:37 | createTemplate(...) | semmle.label | createTemplate(...) |
| Jexl3Injection.java:71:54:71:68 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:77:13:77:26 | callable(...) | semmle.label | callable(...) |
| Jexl3Injection.java:87:25:87:47 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| Jexl3Injection.java:89:31:89:38 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:97:24:97:56 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:97:24:97:56 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:101:24:101:68 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:101:24:101:68 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:105:24:105:52 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:105:24:105:52 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:109:24:109:63 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:109:24:109:63 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:113:24:113:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:113:24:113:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:117:24:117:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:117:24:117:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:121:24:121:87 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:121:24:121:87 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:125:24:125:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:125:24:125:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:129:24:129:85 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:129:24:129:85 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:133:24:133:67 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:133:24:133:67 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:53:57:53:71 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:55:40:55:47 | jexlExpr | semmle.label | jexlExpr |
| Jexl3Injection.java:58:74:58:88 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:61:9:61:39 | createExpression(...) | semmle.label | createExpression(...) |
| Jexl3Injection.java:64:73:64:87 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:67:9:67:39 | createExpression(...) | semmle.label | createExpression(...) |
| Jexl3Injection.java:70:72:70:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:73:9:73:37 | createTemplate(...) | semmle.label | createTemplate(...) |
| Jexl3Injection.java:76:54:76:68 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:82:13:82:26 | callable(...) | semmle.label | callable(...) |
| Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | semmle.label | getInputStream(...) : InputStream |
| Jexl3Injection.java:94:31:94:38 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:102:24:102:56 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:102:24:102:56 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:106:24:106:68 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:106:24:106:68 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:110:24:110:52 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:110:24:110:52 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:114:24:114:63 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:114:24:114:63 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:118:24:118:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:118:24:118:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:122:24:122:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:122:24:122:70 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:126:24:126:87 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:126:24:126:87 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:130:24:130:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:130:24:130:86 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:134:24:134:85 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:134:24:134:85 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:138:24:138:67 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:138:24:138:67 | jexlExpr : String | semmle.label | jexlExpr : String |
| Jexl3Injection.java:143:13:143:37 | expr : String | semmle.label | expr : String |
| Jexl3Injection.java:145:27:145:30 | expr : String | semmle.label | expr : String |
| Jexl3Injection.java:151:13:151:34 | data : Data | semmle.label | data : Data |
| Jexl3Injection.java:154:27:154:30 | expr : String | semmle.label | expr : String |
| Jexl3Injection.java:161:13:161:52 | customRequest : CustomRequest | semmle.label | customRequest : CustomRequest |
| Jexl3Injection.java:164:27:164:30 | expr : String | semmle.label | expr : String |
#select
| Jexl2Injection.java:14:9:14:9 | e | Jexl2Injection.java:76:25:76:47 | getInputStream(...) : InputStream | Jexl2Injection.java:14:9:14:9 | e | Jexl injection from $@. | Jexl2Injection.java:76:25:76:47 | getInputStream(...) | this user input |
| Jexl2Injection.java:22:9:22:9 | e | Jexl2Injection.java:76:25:76:47 | getInputStream(...) : InputStream | Jexl2Injection.java:22:9:22:9 | e | Jexl injection from $@. | Jexl2Injection.java:76:25:76:47 | getInputStream(...) | this user input |
@@ -168,13 +180,16 @@ nodes
| Jexl2Injection.java:57:9:57:35 | parse(...) | Jexl2Injection.java:76:25:76:47 | getInputStream(...) : InputStream | Jexl2Injection.java:57:9:57:35 | parse(...) | Jexl injection from $@. | Jexl2Injection.java:76:25:76:47 | getInputStream(...) | this user input |
| Jexl2Injection.java:63:9:63:35 | parse(...) | Jexl2Injection.java:76:25:76:47 | getInputStream(...) : InputStream | Jexl2Injection.java:63:9:63:35 | parse(...) | Jexl injection from $@. | Jexl2Injection.java:76:25:76:47 | getInputStream(...) | this user input |
| Jexl2Injection.java:69:9:69:44 | createTemplate(...) | Jexl2Injection.java:76:25:76:47 | getInputStream(...) : InputStream | Jexl2Injection.java:69:9:69:44 | createTemplate(...) | Jexl injection from $@. | Jexl2Injection.java:76:25:76:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:14:9:14:9 | e | Jexl3Injection.java:87:25:87:47 | getInputStream(...) : InputStream | Jexl3Injection.java:14:9:14:9 | e | Jexl injection from $@. | Jexl3Injection.java:87:25:87:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:21:9:21:9 | e | Jexl3Injection.java:87:25:87:47 | getInputStream(...) : InputStream | Jexl3Injection.java:21:9:21:9 | e | Jexl injection from $@. | Jexl3Injection.java:87:25:87:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:28:9:28:14 | script | Jexl3Injection.java:87:25:87:47 | getInputStream(...) : InputStream | Jexl3Injection.java:28:9:28:14 | script | Jexl injection from $@. | Jexl3Injection.java:87:25:87:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:37:13:37:31 | callable(...) | Jexl3Injection.java:87:25:87:47 | getInputStream(...) : InputStream | Jexl3Injection.java:37:13:37:31 | callable(...) | Jexl injection from $@. | Jexl3Injection.java:87:25:87:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:45:40:45:47 | jexlExpr | Jexl3Injection.java:87:25:87:47 | getInputStream(...) : InputStream | Jexl3Injection.java:45:40:45:47 | jexlExpr | Jexl injection from $@. | Jexl3Injection.java:87:25:87:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:50:40:50:47 | jexlExpr | Jexl3Injection.java:87:25:87:47 | getInputStream(...) : InputStream | Jexl3Injection.java:50:40:50:47 | jexlExpr | Jexl injection from $@. | Jexl3Injection.java:87:25:87:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:56:9:56:39 | createExpression(...) | Jexl3Injection.java:87:25:87:47 | getInputStream(...) : InputStream | Jexl3Injection.java:56:9:56:39 | createExpression(...) | Jexl injection from $@. | Jexl3Injection.java:87:25:87:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:62:9:62:39 | createExpression(...) | Jexl3Injection.java:87:25:87:47 | getInputStream(...) : InputStream | Jexl3Injection.java:62:9:62:39 | createExpression(...) | Jexl injection from $@. | Jexl3Injection.java:87:25:87:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:68:9:68:37 | createTemplate(...) | Jexl3Injection.java:87:25:87:47 | getInputStream(...) : InputStream | Jexl3Injection.java:68:9:68:37 | createTemplate(...) | Jexl injection from $@. | Jexl3Injection.java:87:25:87:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:77:13:77:26 | callable(...) | Jexl3Injection.java:87:25:87:47 | getInputStream(...) : InputStream | Jexl3Injection.java:77:13:77:26 | callable(...) | Jexl injection from $@. | Jexl3Injection.java:87:25:87:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:19:9:19:9 | e | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:19:9:19:9 | e | Jexl injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:19:9:19:9 | e | Jexl3Injection.java:143:13:143:37 | expr : String | Jexl3Injection.java:19:9:19:9 | e | Jexl injection from $@. | Jexl3Injection.java:143:13:143:37 | expr | this user input |
| Jexl3Injection.java:19:9:19:9 | e | Jexl3Injection.java:151:13:151:34 | data : Data | Jexl3Injection.java:19:9:19:9 | e | Jexl injection from $@. | Jexl3Injection.java:151:13:151:34 | data | this user input |
| Jexl3Injection.java:19:9:19:9 | e | Jexl3Injection.java:161:13:161:52 | customRequest : CustomRequest | Jexl3Injection.java:19:9:19:9 | e | Jexl injection from $@. | Jexl3Injection.java:161:13:161:52 | customRequest | this user input |
| Jexl3Injection.java:26:9:26:9 | e | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:26:9:26:9 | e | Jexl injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:33:9:33:14 | script | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:33:9:33:14 | script | Jexl injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:42:13:42:31 | callable(...) | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:42:13:42:31 | callable(...) | Jexl injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:50:40:50:47 | jexlExpr | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:50:40:50:47 | jexlExpr | Jexl injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:55:40:55:47 | jexlExpr | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:55:40:55:47 | jexlExpr | Jexl injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:61:9:61:39 | createExpression(...) | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:61:9:61:39 | createExpression(...) | Jexl injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:67:9:67:39 | createExpression(...) | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:67:9:67:39 | createExpression(...) | Jexl injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:73:9:73:37 | createTemplate(...) | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:73:9:73:37 | createTemplate(...) | Jexl injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input |
| Jexl3Injection.java:82:13:82:26 | callable(...) | Jexl3Injection.java:92:25:92:47 | getInputStream(...) : InputStream | Jexl3Injection.java:82:13:82:26 | callable(...) | Jexl injection from $@. | Jexl3Injection.java:92:25:92:47 | getInputStream(...) | this user input |


@@ -9,4 +9,8 @@ public class ResponseEntity<T> extends org.springframework.http.HttpEntity {
// public ResponseEntity(T body, org.springframework.http.HttpStatus status) {
// }
public static <T> ResponseEntity<T> ok(T body) {
return null;
}
}


@@ -0,0 +1,14 @@
package org.springframework.web.bind.annotation;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target(ElementType.PARAMETER)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface PathVariable {
}


@@ -0,0 +1,16 @@
package org.springframework.web.bind.annotation;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
@RequestMapping(method = RequestMethod.POST)
public @interface PostMapping {
String[] value() default {};
}


@@ -0,0 +1,15 @@
package org.springframework.web.bind.annotation;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target(ElementType.PARAMETER)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface RequestBody {
boolean required() default true;
}


@@ -5,4 +5,7 @@ import java.lang.annotation.*;
@Target(value={ElementType.METHOD,ElementType.TYPE})
@Retention(value=RetentionPolicy.RUNTIME)
@Documented
public @interface RequestMapping { }
public @interface RequestMapping {
RequestMethod[] method() default {};
}


@@ -0,0 +1,6 @@
package org.springframework.web.bind.annotation;
public enum RequestMethod {
GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS, TRACE
}