Fixed typos

Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
This commit is contained in:
Artem Smotrakov
2021-04-07 20:55:03 +03:00
committed by GitHub
parent 6c24699403
commit 80ac2aff26
2 changed files with 11 additions and 11 deletions

View File

@@ -4,22 +4,22 @@
<overview>
<p>
Jakarta Expression Language (EL) is an expression language for Java applications.
There are a single language specification and multiple implementations
There is a single language specification and multiple implementations
such as Glassfish, Juel, Apache Commons EL, etc.
The language allows invocation of methods available in the JVM.
If an expression is built using attacker-controlled data,
and then evaluated, then it may allow the attacker to run arbitrary code.
and then evaluated, it may allow the attacker to run arbitrary code.
</p>
</overview>
<recommendation>
<p>
It is generally recommended to avoid using untrusted data in an EL expression.
Before using untrusted data to build an EL expressoin, the data should be validated
to ensure it is not evaluated as expression language. If the EL implementaion offers
configuring a sandbox for EL expression, they should be run in a restircitive sandbox
Before using untrusted data to build an EL expression, the data should be validated
to ensure it is not evaluated as expression language. If the EL implementation offers
configuring a sandbox for EL expressions, they should be run in a restrictive sandbox
that allows accessing only explicitly allowed classes. If the EL implementation
does not allow sandboxing, consider using other expressiong language implementations
does not support sandboxing, consider using other expression language implementations
with sandboxing capabilities such as Apache Commons JEXL or the Spring Expression Language.
</p>
</recommendation>
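Review bot: the sentence at "If the EL implementation offers configuring a sandbox for EL expressions, they should be run in a restrictive sandbox" still reads awkwardly after the fix; "offers configuring" should be "supports configuring", and "they" has no clear antecedent (it refers to the expressions, not the implementation). Suggest "If the EL implementation supports a sandbox, expressions should be evaluated in a restrictive sandbox that allows access only to explicitly allowed classes." Minor: the implementation names in the overview ("Glassfish, Juel") are spelled "JUEL" elsewhere in this file and "GlassFish" upstream, so the list could be normalised while typos are being fixed.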
@@ -32,9 +32,9 @@ using the JUEL interpreter:
<sample src="UnsafeExpressionEvaluationWithJUEL.java" />
<p>
JUEL does not allow to run expression in a sandbox. To prevent running arbitrary code,
incoming data has to be checked before including to an expression. The next example
uses a Regex pattern to check whether a user tries to run an allowed exression or not:
JUEL does not support to run expressions in a sandbox. To prevent running arbitrary code,
incoming data has to be checked before including it in an expression. The next example
uses a Regex pattern to check whether a user tries to run an allowed expression or not:
</p>
<sample src="SaferExpressionEvaluationWithJUEL.java" />
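Review bot: the replacement line "JUEL does not support to run expressions in a sandbox" is still ungrammatical; it should read "JUEL does not support running expressions in a sandbox." The same paragraph says the next example checks "whether a user tries to run an allowed expression or not", but what the sample actually does is reject any input that does not match a fixed allow-list pattern, so consider stating that directly ("checks that the input matches an allow-list of expressions before it is embedded"), which is also the property a reader needs to reproduce in their own code.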

View File

@@ -1,10 +1,10 @@
String input = getRemoteUserInput();
String pattern = "(inside|outside)\\.(temperature|humidity)";
if (!input.matches(pattern)) {
throw new IllegalArgumentException("Unexpected exression");
throw new IllegalArgumentException("Unexpected expression");
}
String expression = "${" + input + "}";
ExpressionFactory factory = new de.odysseus.el.ExpressionFactoryImpl();
ValueExpression e = factory.createValueExpression(context, expression, Object.class);
SimpleContext context = getContext();
Object result = e.getValue(context);
Object result = e.getValue(context);
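Review bot: while touching this sample, note that `context` is passed to `factory.createValueExpression(context, expression, Object.class)` one line before it is declared by `SimpleContext context = getContext();`, so the snippet does not compile as written. Suggest moving the declaration above the `createValueExpression` call. The regex check itself is sound: `String.matches` anchors the whole input, so only the four `inside|outside . temperature|humidity` combinations are accepted before they are wrapped in `${...}`. The duplicated final `Object result = e.getValue(context);` is a whitespace-only change (trailing newline), which is fine.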