mirror of
https://github.com/github/codeql.git
synced 2026-04-27 01:35:13 +02:00
Java: Fix OgnlInjection qltest
This commit is contained in:
Anders Schack-Mulligen
@@ -1,48 +1,48 @@
|
||||
edges
|
||||
| OgnlInjection.java:11:39:11:63 | expr : String | OgnlInjection.java:13:19:13:22 | tree |
|
||||
| OgnlInjection.java:11:39:11:63 | expr : String | OgnlInjection.java:14:19:14:22 | tree |
|
||||
| OgnlInjection.java:11:39:11:63 | expr : String | OgnlInjection.java:16:17:16:27 | (...)... : Object |
|
||||
| OgnlInjection.java:16:17:16:27 | (...)... : Object | OgnlInjection.java:17:5:17:8 | node |
|
||||
| OgnlInjection.java:16:17:16:27 | (...)... : Object | OgnlInjection.java:18:5:18:8 | node |
|
||||
| OgnlInjection.java:21:41:21:65 | expr : String | OgnlInjection.java:23:19:23:22 | tree |
|
||||
| OgnlInjection.java:21:41:21:65 | expr : String | OgnlInjection.java:24:19:24:22 | tree |
|
||||
| OgnlInjection.java:21:41:21:65 | expr : String | OgnlInjection.java:26:5:26:8 | tree |
|
||||
| OgnlInjection.java:21:41:21:65 | expr : String | OgnlInjection.java:27:5:27:8 | tree |
|
||||
| OgnlInjection.java:30:40:30:64 | expr : String | OgnlInjection.java:31:19:31:22 | expr |
|
||||
| OgnlInjection.java:30:40:30:64 | expr : String | OgnlInjection.java:32:19:32:22 | expr |
|
||||
| OgnlInjection.java:35:26:35:50 | expr : String | OgnlInjection.java:37:19:37:22 | expr |
|
||||
| OgnlInjection.java:35:26:35:50 | expr : String | OgnlInjection.java:38:19:38:22 | expr |
|
||||
| OgnlInjection.java:35:26:35:50 | expr : String | OgnlInjection.java:39:31:39:34 | expr |
|
||||
| OgnlInjection.java:15:39:15:63 | expr : String | OgnlInjection.java:17:19:17:22 | tree |
|
||||
| OgnlInjection.java:15:39:15:63 | expr : String | OgnlInjection.java:18:19:18:22 | tree |
|
||||
| OgnlInjection.java:15:39:15:63 | expr : String | OgnlInjection.java:20:17:20:27 | (...)... : Object |
|
||||
| OgnlInjection.java:20:17:20:27 | (...)... : Object | OgnlInjection.java:21:5:21:8 | node |
|
||||
| OgnlInjection.java:20:17:20:27 | (...)... : Object | OgnlInjection.java:22:5:22:8 | node |
|
||||
| OgnlInjection.java:26:41:26:65 | expr : String | OgnlInjection.java:28:19:28:22 | tree |
|
||||
| OgnlInjection.java:26:41:26:65 | expr : String | OgnlInjection.java:29:19:29:22 | tree |
|
||||
| OgnlInjection.java:26:41:26:65 | expr : String | OgnlInjection.java:31:5:31:8 | tree |
|
||||
| OgnlInjection.java:26:41:26:65 | expr : String | OgnlInjection.java:32:5:32:8 | tree |
|
||||
| OgnlInjection.java:36:40:36:64 | expr : String | OgnlInjection.java:37:19:37:22 | expr |
|
||||
| OgnlInjection.java:36:40:36:64 | expr : String | OgnlInjection.java:38:19:38:22 | expr |
|
||||
| OgnlInjection.java:42:26:42:50 | expr : String | OgnlInjection.java:44:19:44:22 | expr |
|
||||
| OgnlInjection.java:42:26:42:50 | expr : String | OgnlInjection.java:45:19:45:22 | expr |
|
||||
| OgnlInjection.java:42:26:42:50 | expr : String | OgnlInjection.java:46:31:46:34 | expr |
|
||||
nodes
|
||||
| OgnlInjection.java:11:39:11:63 | expr : String | semmle.label | expr : String |
|
||||
| OgnlInjection.java:13:19:13:22 | tree | semmle.label | tree |
|
||||
| OgnlInjection.java:14:19:14:22 | tree | semmle.label | tree |
|
||||
| OgnlInjection.java:16:17:16:27 | (...)... : Object | semmle.label | (...)... : Object |
|
||||
| OgnlInjection.java:17:5:17:8 | node | semmle.label | node |
|
||||
| OgnlInjection.java:18:5:18:8 | node | semmle.label | node |
|
||||
| OgnlInjection.java:21:41:21:65 | expr : String | semmle.label | expr : String |
|
||||
| OgnlInjection.java:23:19:23:22 | tree | semmle.label | tree |
|
||||
| OgnlInjection.java:24:19:24:22 | tree | semmle.label | tree |
|
||||
| OgnlInjection.java:26:5:26:8 | tree | semmle.label | tree |
|
||||
| OgnlInjection.java:27:5:27:8 | tree | semmle.label | tree |
|
||||
| OgnlInjection.java:30:40:30:64 | expr : String | semmle.label | expr : String |
|
||||
| OgnlInjection.java:31:19:31:22 | expr | semmle.label | expr |
|
||||
| OgnlInjection.java:32:19:32:22 | expr | semmle.label | expr |
|
||||
| OgnlInjection.java:35:26:35:50 | expr : String | semmle.label | expr : String |
|
||||
| OgnlInjection.java:15:39:15:63 | expr : String | semmle.label | expr : String |
|
||||
| OgnlInjection.java:17:19:17:22 | tree | semmle.label | tree |
|
||||
| OgnlInjection.java:18:19:18:22 | tree | semmle.label | tree |
|
||||
| OgnlInjection.java:20:17:20:27 | (...)... : Object | semmle.label | (...)... : Object |
|
||||
| OgnlInjection.java:21:5:21:8 | node | semmle.label | node |
|
||||
| OgnlInjection.java:22:5:22:8 | node | semmle.label | node |
|
||||
| OgnlInjection.java:26:41:26:65 | expr : String | semmle.label | expr : String |
|
||||
| OgnlInjection.java:28:19:28:22 | tree | semmle.label | tree |
|
||||
| OgnlInjection.java:29:19:29:22 | tree | semmle.label | tree |
|
||||
| OgnlInjection.java:31:5:31:8 | tree | semmle.label | tree |
|
||||
| OgnlInjection.java:32:5:32:8 | tree | semmle.label | tree |
|
||||
| OgnlInjection.java:36:40:36:64 | expr : String | semmle.label | expr : String |
|
||||
| OgnlInjection.java:37:19:37:22 | expr | semmle.label | expr |
|
||||
| OgnlInjection.java:38:19:38:22 | expr | semmle.label | expr |
|
||||
| OgnlInjection.java:39:31:39:34 | expr | semmle.label | expr |
|
||||
| OgnlInjection.java:42:26:42:50 | expr : String | semmle.label | expr : String |
|
||||
| OgnlInjection.java:44:19:44:22 | expr | semmle.label | expr |
|
||||
| OgnlInjection.java:45:19:45:22 | expr | semmle.label | expr |
|
||||
| OgnlInjection.java:46:31:46:34 | expr | semmle.label | expr |
|
||||
#select
|
||||
| OgnlInjection.java:13:19:13:22 | tree | OgnlInjection.java:11:39:11:63 | expr : String | OgnlInjection.java:13:19:13:22 | tree | OGNL expression might include input from $@. | OgnlInjection.java:11:39:11:63 | expr | this user input |
|
||||
| OgnlInjection.java:14:19:14:22 | tree | OgnlInjection.java:11:39:11:63 | expr : String | OgnlInjection.java:14:19:14:22 | tree | OGNL expression might include input from $@. | OgnlInjection.java:11:39:11:63 | expr | this user input |
|
||||
| OgnlInjection.java:17:5:17:8 | node | OgnlInjection.java:11:39:11:63 | expr : String | OgnlInjection.java:17:5:17:8 | node | OGNL expression might include input from $@. | OgnlInjection.java:11:39:11:63 | expr | this user input |
|
||||
| OgnlInjection.java:18:5:18:8 | node | OgnlInjection.java:11:39:11:63 | expr : String | OgnlInjection.java:18:5:18:8 | node | OGNL expression might include input from $@. | OgnlInjection.java:11:39:11:63 | expr | this user input |
|
||||
| OgnlInjection.java:23:19:23:22 | tree | OgnlInjection.java:21:41:21:65 | expr : String | OgnlInjection.java:23:19:23:22 | tree | OGNL expression might include input from $@. | OgnlInjection.java:21:41:21:65 | expr | this user input |
|
||||
| OgnlInjection.java:24:19:24:22 | tree | OgnlInjection.java:21:41:21:65 | expr : String | OgnlInjection.java:24:19:24:22 | tree | OGNL expression might include input from $@. | OgnlInjection.java:21:41:21:65 | expr | this user input |
|
||||
| OgnlInjection.java:26:5:26:8 | tree | OgnlInjection.java:21:41:21:65 | expr : String | OgnlInjection.java:26:5:26:8 | tree | OGNL expression might include input from $@. | OgnlInjection.java:21:41:21:65 | expr | this user input |
|
||||
| OgnlInjection.java:27:5:27:8 | tree | OgnlInjection.java:21:41:21:65 | expr : String | OgnlInjection.java:27:5:27:8 | tree | OGNL expression might include input from $@. | OgnlInjection.java:21:41:21:65 | expr | this user input |
|
||||
| OgnlInjection.java:31:19:31:22 | expr | OgnlInjection.java:30:40:30:64 | expr : String | OgnlInjection.java:31:19:31:22 | expr | OGNL expression might include input from $@. | OgnlInjection.java:30:40:30:64 | expr | this user input |
|
||||
| OgnlInjection.java:32:19:32:22 | expr | OgnlInjection.java:30:40:30:64 | expr : String | OgnlInjection.java:32:19:32:22 | expr | OGNL expression might include input from $@. | OgnlInjection.java:30:40:30:64 | expr | this user input |
|
||||
| OgnlInjection.java:37:19:37:22 | expr | OgnlInjection.java:35:26:35:50 | expr : String | OgnlInjection.java:37:19:37:22 | expr | OGNL expression might include input from $@. | OgnlInjection.java:35:26:35:50 | expr | this user input |
|
||||
| OgnlInjection.java:38:19:38:22 | expr | OgnlInjection.java:35:26:35:50 | expr : String | OgnlInjection.java:38:19:38:22 | expr | OGNL expression might include input from $@. | OgnlInjection.java:35:26:35:50 | expr | this user input |
|
||||
| OgnlInjection.java:39:31:39:34 | expr | OgnlInjection.java:35:26:35:50 | expr : String | OgnlInjection.java:39:31:39:34 | expr | OGNL expression might include input from $@. | OgnlInjection.java:35:26:35:50 | expr | this user input |
|
||||
| OgnlInjection.java:17:19:17:22 | tree | OgnlInjection.java:15:39:15:63 | expr : String | OgnlInjection.java:17:19:17:22 | tree | OGNL expression might include input from $@. | OgnlInjection.java:15:39:15:63 | expr | this user input |
|
||||
| OgnlInjection.java:18:19:18:22 | tree | OgnlInjection.java:15:39:15:63 | expr : String | OgnlInjection.java:18:19:18:22 | tree | OGNL expression might include input from $@. | OgnlInjection.java:15:39:15:63 | expr | this user input |
|
||||
| OgnlInjection.java:21:5:21:8 | node | OgnlInjection.java:15:39:15:63 | expr : String | OgnlInjection.java:21:5:21:8 | node | OGNL expression might include input from $@. | OgnlInjection.java:15:39:15:63 | expr | this user input |
|
||||
| OgnlInjection.java:22:5:22:8 | node | OgnlInjection.java:15:39:15:63 | expr : String | OgnlInjection.java:22:5:22:8 | node | OGNL expression might include input from $@. | OgnlInjection.java:15:39:15:63 | expr | this user input |
|
||||
| OgnlInjection.java:28:19:28:22 | tree | OgnlInjection.java:26:41:26:65 | expr : String | OgnlInjection.java:28:19:28:22 | tree | OGNL expression might include input from $@. | OgnlInjection.java:26:41:26:65 | expr | this user input |
|
||||
| OgnlInjection.java:29:19:29:22 | tree | OgnlInjection.java:26:41:26:65 | expr : String | OgnlInjection.java:29:19:29:22 | tree | OGNL expression might include input from $@. | OgnlInjection.java:26:41:26:65 | expr | this user input |
|
||||
| OgnlInjection.java:31:5:31:8 | tree | OgnlInjection.java:26:41:26:65 | expr : String | OgnlInjection.java:31:5:31:8 | tree | OGNL expression might include input from $@. | OgnlInjection.java:26:41:26:65 | expr | this user input |
|
||||
| OgnlInjection.java:32:5:32:8 | tree | OgnlInjection.java:26:41:26:65 | expr : String | OgnlInjection.java:32:5:32:8 | tree | OGNL expression might include input from $@. | OgnlInjection.java:26:41:26:65 | expr | this user input |
|
||||
| OgnlInjection.java:37:19:37:22 | expr | OgnlInjection.java:36:40:36:64 | expr : String | OgnlInjection.java:37:19:37:22 | expr | OGNL expression might include input from $@. | OgnlInjection.java:36:40:36:64 | expr | this user input |
|
||||
| OgnlInjection.java:38:19:38:22 | expr | OgnlInjection.java:36:40:36:64 | expr : String | OgnlInjection.java:38:19:38:22 | expr | OGNL expression might include input from $@. | OgnlInjection.java:36:40:36:64 | expr | this user input |
|
||||
| OgnlInjection.java:44:19:44:22 | expr | OgnlInjection.java:42:26:42:50 | expr : String | OgnlInjection.java:44:19:44:22 | expr | OGNL expression might include input from $@. | OgnlInjection.java:42:26:42:50 | expr | this user input |
|
||||
| OgnlInjection.java:45:19:45:22 | expr | OgnlInjection.java:42:26:42:50 | expr : String | OgnlInjection.java:45:19:45:22 | expr | OGNL expression might include input from $@. | OgnlInjection.java:42:26:42:50 | expr | this user input |
|
||||
| OgnlInjection.java:46:31:46:34 | expr | OgnlInjection.java:42:26:42:50 | expr : String | OgnlInjection.java:46:31:46:34 | expr | OGNL expression might include input from $@. | OgnlInjection.java:42:26:42:50 | expr | this user input |
|
||||
|
||||
@@ -5,9 +5,13 @@ import java.util.HashMap;
|
||||
|
||||
import com.opensymphony.xwork2.ognl.OgnlUtil;
|
||||
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
|
||||
@Controller
|
||||
public class OgnlInjection {
|
||||
@RequestMapping
|
||||
public void testOgnlParseExpression(@RequestParam String expr) throws Exception {
|
||||
Object tree = Ognl.parseExpression(expr);
|
||||
Ognl.getValue(tree, new HashMap<>(), new Object());
|
||||
@@ -18,6 +22,7 @@ public class OgnlInjection {
|
||||
node.setValue(null, new Object(), new Object());
|
||||
}
|
||||
|
||||
@RequestMapping
|
||||
public void testOgnlCompileExpression(@RequestParam String expr) throws Exception {
|
||||
Node tree = Ognl.compileExpression(null, new Object(), expr);
|
||||
Ognl.getValue(tree, new HashMap<>(), new Object());
|
||||
@@ -27,11 +32,13 @@ public class OgnlInjection {
|
||||
tree.setValue(null, new Object(), new Object());
|
||||
}
|
||||
|
||||
@RequestMapping
|
||||
public void testOgnlDirectlyToGetSet(@RequestParam String expr) throws Exception {
|
||||
Ognl.getValue(expr, new Object());
|
||||
Ognl.setValue(expr, new Object(), new Object());
|
||||
}
|
||||
|
||||
@RequestMapping
|
||||
public void testStruts(@RequestParam String expr) throws Exception {
|
||||
OgnlUtil ognl = new OgnlUtil();
|
||||
ognl.getValue(expr, new HashMap<>(), new Object());
|
||||
|
||||
Reference in New Issue
Block a user