hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix tests

Browse Source
This commit is contained in:
Tony Torralba
2021-06-11 11:52:24 +02:00
parent 6f926e1e80
commit 7ff4d368be
4 changed files with 252 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/test/query-tests/security/CWE-094/GroovyClassLoaderTest.java
View File

@@ -12,6 +12,7 @@ public class GroovyClassLoaderTest extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// "groovy.lang;GroovyClassLoader;false;parseClass;;;Argument[0];groovy",
try {
String script = request.getParameter("script");
final GroovyClassLoader classLoader = new GroovyClassLoader();
@@ -21,10 +22,6 @@ public class GroovyClassLoaderTest extends HttpServlet {
} catch (Exception e) {
// Ignore
}
}
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
try {
String script = request.getParameter("script");
final GroovyClassLoader classLoader = new GroovyClassLoader();

85
java/ql/test/query-tests/security/CWE-094/GroovyCompilationUnitTest.java Normal file
View File

@@ -0,0 +1,85 @@
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URL;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.codehaus.groovy.control.CompilationUnit;
import org.codehaus.groovy.control.SourceUnit;
import org.codehaus.groovy.control.io.ReaderSource;
import org.codehaus.groovy.control.io.StringReaderSource;
public class GroovyCompilationUnitTest extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// "org.codehaus.groovy.control;CompilationUnit;false;compile;;;Argument[-1];groovy"
{
CompilationUnit cu = new CompilationUnit();
cu.addSource("test", request.getParameter("source"));
cu.compile(); // $hasGroovyInjection
}
{
CompilationUnit cu = new CompilationUnit();
cu.addSource(request.getParameter("source"), "safe");
cu.compile(); // Safe
}
{
CompilationUnit cu = new CompilationUnit();
cu.addSource("test",
new ByteArrayInputStream(request.getParameter("source").getBytes()));
cu.compile(); // $hasGroovyInjection
}
{
CompilationUnit cu = new CompilationUnit();
cu.addSource(new URL(request.getParameter("source")));
cu.compile(); // $hasGroovyInjection
}
{
CompilationUnit cu = new CompilationUnit();
SourceUnit su =
new SourceUnit("test", request.getParameter("source"), null, null, null);
cu.addSource(su);
cu.compile(); // $hasGroovyInjection
}
{
CompilationUnit cu = new CompilationUnit();
SourceUnit su =
new SourceUnit(request.getParameter("source"), "safe", null, null, null);
cu.addSource(su);
cu.compile(); // Safe
}
{
CompilationUnit cu = new CompilationUnit();
ReaderSource rs = new StringReaderSource(request.getParameter("source"), null);
SourceUnit su = new SourceUnit("test", rs, null, null, null);
cu.addSource(su);
cu.compile(); // $hasGroovyInjection
}
{
CompilationUnit cu = new CompilationUnit();
SourceUnit su =
new SourceUnit(new URL(request.getParameter("source")), null, null, null);
cu.addSource(su);
cu.compile(); // $hasGroovyInjection
}
{
CompilationUnit cu = new CompilationUnit();
SourceUnit su = SourceUnit.create("test", request.getParameter("source"));
cu.addSource(su);
cu.compile(); // $hasGroovyInjection
}
{
CompilationUnit cu = new CompilationUnit();
SourceUnit su = SourceUnit.create("test", request.getParameter("source"), 0);
cu.addSource(su);
cu.compile(); // $hasGroovyInjection
}
{
CompilationUnit cu = new CompilationUnit();
SourceUnit su = SourceUnit.create(request.getParameter("source"), "safe", 0);
cu.addSource(su);
cu.compile(); // Safe
}
}
}

51
java/ql/test/query-tests/security/CWE-094/GroovyEvalTest.java
View File

@@ -9,33 +9,32 @@ public class GroovyEvalTest extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String script = request.getParameter("script");
Eval.me(script); // $hasGroovyInjection
}
// "groovy.util;Eval;false;me;(String);;Argument[0];groovy",
{
String script = request.getParameter("script");
Eval.me(script); // $hasGroovyInjection
}
// "groovy.util;Eval;false;me;(String,Object,String);;Argument[2];groovy",
{
String script = request.getParameter("script");
Eval.me("test", "result", script); // $hasGroovyInjection
}
// "groovy.util;Eval;false;x;(Object,String);;Argument[1];groovy",
{
String script = request.getParameter("script");
Eval.x("result2", script); // $hasGroovyInjection
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String script = request.getParameter("script");
Eval.me("test", "result", script); // $hasGroovyInjection
}
protected void doPut(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String script = request.getParameter("script");
Eval.x("result2", script); // $hasGroovyInjection
}
protected void doDelete(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String script = request.getParameter("script");
Eval.xy("result3", "result4", script); // $hasGroovyInjection
}
protected void doPatch(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String script = request.getParameter("script");
Eval.xyz("result3", "result4", "aaa", script); // $hasGroovyInjection
}
// "groovy.util;Eval;false;xy;(Object,Object,String);;Argument[2];groovy",
{
String script = request.getParameter("script");
Eval.xy("result3", "result4", script); // $hasGroovyInjection
}
// "groovy.util;Eval;false;xyz;(Object,Object,Object,String);;Argument[3];groovy",
{
String script = request.getParameter("script");
Eval.xyz("result3", "result4", "aaa", script); // $hasGroovyInjection
}
}
}

191
java/ql/test/query-tests/security/CWE-094/GroovyShellTest.java
View File

@@ -1,63 +1,154 @@
import groovy.lang.GroovyCodeSource;
import groovy.lang.GroovyShell;
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import groovy.lang.GroovyCodeSource;
import groovy.lang.GroovyShell;
public class GroovyShellTest extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.evaluate(script); // $hasGroovyInjection
}
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.evaluate(script, "test"); // $hasGroovyInjection
}
protected void doPut(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.evaluate(script, "test", "test2"); // $hasGroovyInjection
}
protected void doOptions(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.run(script, "_", new String[] {}); // $hasGroovyInjection
}
protected void doHead(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
GroovyCodeSource gcs = new GroovyCodeSource(script, "test", "Test");
shell.run(gcs, new String[] {}); // $hasGroovyInjection
}
protected void doDelete(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
GroovyCodeSource gcs = new GroovyCodeSource(script, "test", "Test");
shell.evaluate(gcs); // $hasGroovyInjection
}
protected void doPatch(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.parse(script); // $hasGroovyInjection
// "groovy.lang;GroovyShell;false;evaluate;(GroovyCodeSource);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
GroovyCodeSource gcs = new GroovyCodeSource(script, "test", "Test");
shell.evaluate(gcs); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;evaluate;(Reader);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
Reader reader = new StringReader(script);
shell.evaluate(reader); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;evaluate;(Reader,String);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
Reader reader = new StringReader(script);
shell.evaluate(reader, "_"); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;evaluate;(String);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.evaluate(script); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;evaluate;(String,String);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.evaluate(script, "test"); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;evaluate;(String,String,String);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.evaluate(script, "test", "test2"); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;evaluate;(URI);;Argument[0];groovy",
try {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.parse(new URI(script)); // $hasGroovyInjection
} catch (URISyntaxException e) {
}
// "groovy.lang;GroovyShell;false;parse;(Reader);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
Reader reader = new StringReader(script);
shell.parse(reader); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;parse;(Reader,String);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
Reader reader = new StringReader(script);
shell.parse(reader, "_"); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;parse;(String);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.parse(script); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;parse;(String,String);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.parse(script, "_"); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;parse;(URI);;Argument[0];groovy",
try {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.parse(new URI(script)); // $hasGroovyInjection
} catch (URISyntaxException e) {
}
// "groovy.lang;GroovyShell;false;run;(GroovyCodeSource,String[]);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
GroovyCodeSource gcs = new GroovyCodeSource(script, "test", "Test");
shell.run(gcs, new String[] {}); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;run;(GroovyCodeSource,List);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
GroovyCodeSource gcs = new GroovyCodeSource(script, "test", "Test");
shell.run(gcs, new ArrayList<String>()); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;run;(Reader,String,String[]);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
Reader reader = new StringReader(script);
shell.run(reader, "test", new String[] {}); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;run;(Reader,String,List);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
Reader reader = new StringReader(script);
shell.run(reader, "test", new ArrayList<String>()); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;run;(String,String,String[]);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.run(script, "_", new String[] {}); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;run;(String,String,List);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.run(script, "_", new ArrayList<String>()); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;run;(URI,String[]);;Argument[0];groovy",
try {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.run(new URI(script), new String[] {}); // $hasGroovyInjection
} catch (URISyntaxException e) {
}
// "groovy.lang;GroovyShell;false;run;(URI,List);;Argument[0];groovy",
try {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.run(new URI(script), new ArrayList<String>()); // $hasGroovyInjection
} catch (URISyntaxException e) {
}
}
}