hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 21:25:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add TemplateEngine.createTemplate as a groovy injection sink

Browse Source
This commit is contained in:
Tony Torralba
2023-05-19 17:45:47 +02:00
parent f943502e41
commit b58eb3a92c
6 changed files with 74 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
java/ql/test/query-tests/security/CWE-094/TemplateEngineTest.java Normal file
View File

@@ -0,0 +1,30 @@
import java.io.File;
import java.io.IOException;
import java.io.Reader;
import java.net.URL;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import groovy.text.TemplateEngine;
public class TemplateEngineTest extends HttpServlet {
private Object source(HttpServletRequest request) {
return request.getParameter("script");
}
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
try {
Object script = source(request);
TemplateEngine engine = null;
engine.createTemplate(request.getParameter("script")); // $ hasGroovyInjection
engine.createTemplate((File) script); // $ hasGroovyInjection
engine.createTemplate((Reader) script); // $ hasGroovyInjection
engine.createTemplate((URL) script); // $ hasGroovyInjection
} catch (Exception e) {
}
}
}