hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add SQLi sinks for Spring JDBC

Browse Source
This commit is contained in:
Tony Torralba
2023-05-12 10:57:49 +02:00
parent 82e780d175
commit a48fa652ce
10 changed files with 199 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
java/ql/test/query-tests/security/CWE-089/semmle/examples/SpringJdbc.java
View File

@@ -1,7 +1,13 @@
import java.sql.ResultSet;
import java.util.Map;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.namedparam.NamedParameterJdbcOperations;
import org.springframework.jdbc.core.namedparam.SqlParameterSource;
import org.springframework.jdbc.core.PreparedStatementCallback;
import org.springframework.jdbc.core.ResultSetExtractor;
import org.springframework.jdbc.core.RowCallbackHandler;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.jdbc.core.SqlParameter;
import org.springframework.jdbc.object.BatchSqlUpdate;
import org.springframework.jdbc.object.MappingSqlQueryWithParameters;
import org.springframework.jdbc.object.SqlFunction;
@@ -22,7 +28,7 @@ public class SpringJdbc {
}
}
public static void test(JdbcTemplate template) {
public static void test(JdbcTemplate template, NamedParameterJdbcOperations namedParamTemplate) {
new BatchSqlUpdate(null, source()); // $ sqlInjection
new SqlFunction(null, source()); // $ sqlInjection
new SqlUpdate(null, source()); // $ sqlInjection
@@ -39,6 +45,37 @@ public class SpringJdbc {
template.queryForObject(source(), (Class)null); // $ sqlInjection
template.queryForRowSet(source()); // $ sqlInjection
template.queryForStream(source(), (RowMapper)null); // $ sqlInjection
namedParamTemplate.batchUpdate(source(), (Map<String, ?>[]) null); // $ sqlInjection
namedParamTemplate.batchUpdate(source(), (SqlParameterSource[]) null); // $ sqlInjection
namedParamTemplate.execute(source(), (PreparedStatementCallback) null); // $ sqlInjection
namedParamTemplate.execute(source(), (Map<String, ?>) null, (PreparedStatementCallback) null); // $ sqlInjection
namedParamTemplate.execute(source(), (SqlParameterSource) null, (PreparedStatementCallback) null); // $ sqlInjection
namedParamTemplate.query(source(), (Map<String, ?>) null, (ResultSetExtractor) null); // $ sqlInjection
namedParamTemplate.query(source(), (Map<String, ?>) null, (RowMapper) null); // $ sqlInjection
namedParamTemplate.query(source(), (Map<String, ?>) null, (RowCallbackHandler) null); // $ sqlInjection
namedParamTemplate.query(source(), (SqlParameterSource) null, (ResultSetExtractor) null); // $ sqlInjection
namedParamTemplate.query(source(), (SqlParameterSource) null, (RowMapper) null); // $ sqlInjection
namedParamTemplate.query(source(), (SqlParameterSource) null, (RowCallbackHandler) null); // $ sqlInjection
namedParamTemplate.query(source(), (ResultSetExtractor) null); // $ sqlInjection
namedParamTemplate.query(source(), (RowMapper) null); // $ sqlInjection
namedParamTemplate.query(source(), (RowCallbackHandler) null); // $ sqlInjection
namedParamTemplate.queryForList(source(), (Map<String, ?>) null); // $ sqlInjection
namedParamTemplate.queryForList(source(), (Map<String, ?>) null, (Class) null); // $ sqlInjection
namedParamTemplate.queryForMap(source(), (Map<String, ?>) null); // $ sqlInjection
namedParamTemplate.queryForMap(source(), (SqlParameterSource) null); // $ sqlInjection
namedParamTemplate.queryForObject(source(), (Map<String, ?>) null, (Class) null); // $ sqlInjection
namedParamTemplate.queryForObject(source(), (Map<String, ?>) null, (RowMapper) null); // $ sqlInjection
namedParamTemplate.queryForObject(source(), (SqlParameterSource) null, (Class) null); // $ sqlInjection
namedParamTemplate.queryForObject(source(), (SqlParameterSource) null, (RowMapper) null); // $ sqlInjection
namedParamTemplate.queryForRowSet(source(), (Map<String, ?>) null); // $ sqlInjection
namedParamTemplate.queryForRowSet(source(), (SqlParameterSource) null); // $ sqlInjection
namedParamTemplate.queryForStream(source(), (Map<String, ?>) null, (RowMapper) null); // $ sqlInjection
namedParamTemplate.queryForStream(source(), (SqlParameterSource) null, (RowMapper) null); // $ sqlInjection
namedParamTemplate.update(source(), (Map<String, ?>) null); // $ sqlInjection
namedParamTemplate.update(source(), (SqlParameterSource) null); // $ sqlInjection
namedParamTemplate.update(source(), null, null); // $ sqlInjection
namedParamTemplate.update(source(), null, null, null); // $ sqlInjection
}
}