hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Consider second parameter of Node.selectNodes

Browse Source
This commit is contained in:
Tony Torralba
2021-04-27 15:49:49 +02:00
parent d72dd9b861
commit ab62bb66f4
2 changed files with 17 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/test/experimental/query-tests/security/CWE-643/A.java
View File

@@ -107,7 +107,7 @@ public class A {
org.dom4j.Document document = reader.read(new ByteArrayInputStream(xmlStr.getBytes()));
document.selectObject("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
document.selectNodes("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
document.selectNodes("/users/user[@name='test']", "/users/user[@pass='" + pass + "']"); // Safe-ish
document.selectNodes("/users/user[@name='test']", "/users/user[@pass='" + pass + "']"); // $hasXPathInjection
document.selectSingleNode("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
document.valueOf("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
document.numberValueOf("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection