Java: convert RequestForgery test to .qlref

Nora Dimitrijević
2025-06-24 11:28:40 +02:00
parent 7f05b72e10
commit aac4f63e9a
14 changed files with 2200 additions and 390 deletions


@@ -22,21 +22,21 @@ public class JavaNetHttpSSRF extends HttpServlet {
throws ServletException, IOException {
try {
String sink = request.getParameter("uri");
String sink = request.getParameter("uri"); // $ Source
URI uri = new URI(sink);
URI uri2 = new URI("http", sink, "fragement");
URL url1 = new URL(sink);
URLConnection c1 = url1.openConnection(); // $ SSRF
URLConnection c1 = url1.openConnection(); // $ Alert
SocketAddress sa = new SocketAddress() {
};
URLConnection c2 = url1.openConnection(new Proxy(Type.HTTP, sa)); // $ SSRF
InputStream c3 = url1.openStream(); // $ SSRF
URLConnection c2 = url1.openConnection(new Proxy(Type.HTTP, sa)); // $ Alert
InputStream c3 = url1.openStream(); // $ Alert
// java.net.http
HttpClient client = HttpClient.newHttpClient();
HttpRequest request2 = HttpRequest.newBuilder().uri(uri2).build(); // $ SSRF
HttpRequest request3 = HttpRequest.newBuilder(uri).build(); // $ SSRF
HttpRequest request2 = HttpRequest.newBuilder().uri(uri2).build(); // $ Alert
HttpRequest request3 = HttpRequest.newBuilder(uri).build(); // $ Alert
} catch (Exception e) {
// TODO: handle exception