hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Move to experimental and review feedback

Browse Source
This commit is contained in:
Francis Alexander
2021-03-05 07:26:29 +05:30
parent 45bdb22db8
commit abdebc29f9
9 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
java/ql/test/experimental/query-tests/security/CWE-346/UnvalidatedCors.expected Normal file
View File

@@ -0,0 +1,7 @@
edges
| UnvalidatedCors.java:21:22:21:48 | getHeader(...) : String | UnvalidatedCors.java:27:67:27:69 | url |
nodes
| UnvalidatedCors.java:21:22:21:48 | getHeader(...) : String | semmle.label | getHeader(...) : String |
| UnvalidatedCors.java:27:67:27:69 | url | semmle.label | url |
#select
| UnvalidatedCors.java:27:67:27:69 | url | UnvalidatedCors.java:21:22:21:48 | getHeader(...) : String | UnvalidatedCors.java:27:67:27:69 | url | CORS header is being set using user controlled value $@. | UnvalidatedCors.java:21:22:21:48 | getHeader(...) | user-provided value |

37
java/ql/test/experimental/query-tests/security/CWE-346/UnvalidatedCors.java Normal file
View File

@@ -0,0 +1,37 @@
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
public class UnvalidatedCors implements Filter {
public void init(FilterConfig filterConfig) throws ServletException {}
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
String url = request.getHeader("Origin");
if (!StringUtils.isEmpty(url)) {
String val = response.getHeader("Access-Control-Allow-Origin");
if (StringUtils.isEmpty(val)) {
response.addHeader("Access-Control-Allow-Origin", url);
response.addHeader("Access-Control-Allow-Credentials", "true");
}
}
chain.doFilter(req, res);
}
public void destroy() {}
}

1
java/ql/test/experimental/query-tests/security/CWE-346/UnvalidatedCors.qlref Normal file
View File

@@ -0,0 +1 @@
experimental/Security/CWE/CWE-346/UnvalidatedCors.ql

1
java/ql/test/experimental/query-tests/security/CWE-346/options Normal file
View File

@@ -0,0 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/apache-commons-lang3-3.7