mirror of
https://github.com/github/codeql.git
synced 2026-04-29 18:55:14 +02:00
Merge pull request #3288 from ggolawski/jndi-injection
CodeQL query to detect JNDI injections
This commit is contained in:
Anders Schack-Mulligen
@@ -0,0 +1,180 @@
|
||||
edges
|
||||
| JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:30:16:30:22 | nameStr |
|
||||
| JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:31:20:31:26 | nameStr |
|
||||
| JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:32:29:32:35 | nameStr |
|
||||
| JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:33:16:33:22 | nameStr |
|
||||
| JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:34:14:34:20 | nameStr |
|
||||
| JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:35:22:35:28 | nameStr |
|
||||
| JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:37:16:37:19 | name |
|
||||
| JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:38:20:38:23 | name |
|
||||
| JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:39:29:39:32 | name |
|
||||
| JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:40:16:40:19 | name |
|
||||
| JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:41:14:41:17 | name |
|
||||
| JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:42:22:42:25 | name |
|
||||
| JndiInjection.java:45:41:45:68 | nameStr : String | JndiInjection.java:49:16:49:22 | nameStr |
|
||||
| JndiInjection.java:45:41:45:68 | nameStr : String | JndiInjection.java:50:20:50:26 | nameStr |
|
||||
| JndiInjection.java:45:41:45:68 | nameStr : String | JndiInjection.java:51:16:51:22 | nameStr |
|
||||
| JndiInjection.java:45:41:45:68 | nameStr : String | JndiInjection.java:52:14:52:20 | nameStr |
|
||||
| JndiInjection.java:45:41:45:68 | nameStr : String | JndiInjection.java:53:22:53:28 | nameStr |
|
||||
| JndiInjection.java:45:41:45:68 | nameStr : String | JndiInjection.java:55:16:55:19 | name |
|
||||
| JndiInjection.java:45:41:45:68 | nameStr : String | JndiInjection.java:56:20:56:23 | name |
|
||||
| JndiInjection.java:45:41:45:68 | nameStr : String | JndiInjection.java:57:16:57:19 | name |
|
||||
| JndiInjection.java:45:41:45:68 | nameStr : String | JndiInjection.java:58:14:58:17 | name |
|
||||
| JndiInjection.java:45:41:45:68 | nameStr : String | JndiInjection.java:59:22:59:25 | name |
|
||||
| JndiInjection.java:62:42:62:69 | nameStr : String | JndiInjection.java:66:16:66:22 | nameStr |
|
||||
| JndiInjection.java:62:42:62:69 | nameStr : String | JndiInjection.java:67:20:67:26 | nameStr |
|
||||
| JndiInjection.java:62:42:62:69 | nameStr : String | JndiInjection.java:68:16:68:22 | nameStr |
|
||||
| JndiInjection.java:62:42:62:69 | nameStr : String | JndiInjection.java:69:14:69:20 | nameStr |
|
||||
| JndiInjection.java:62:42:62:69 | nameStr : String | JndiInjection.java:70:22:70:28 | nameStr |
|
||||
| JndiInjection.java:62:42:62:69 | nameStr : String | JndiInjection.java:72:16:72:19 | name |
|
||||
| JndiInjection.java:62:42:62:69 | nameStr : String | JndiInjection.java:73:20:73:23 | name |
|
||||
| JndiInjection.java:62:42:62:69 | nameStr : String | JndiInjection.java:74:16:74:19 | name |
|
||||
| JndiInjection.java:62:42:62:69 | nameStr : String | JndiInjection.java:75:14:75:17 | name |
|
||||
| JndiInjection.java:62:42:62:69 | nameStr : String | JndiInjection.java:76:22:76:25 | name |
|
||||
| JndiInjection.java:79:42:79:69 | nameStr : String | JndiInjection.java:82:16:82:22 | nameStr |
|
||||
| JndiInjection.java:79:42:79:69 | nameStr : String | JndiInjection.java:83:16:83:22 | nameStr |
|
||||
| JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:90:16:90:22 | nameStr |
|
||||
| JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:91:23:91:29 | nameStr |
|
||||
| JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:92:18:92:21 | name |
|
||||
| JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:93:16:93:19 | name |
|
||||
| JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:94:14:94:17 | name |
|
||||
| JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:95:22:95:25 | name |
|
||||
| JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:96:16:96:22 | nameStr |
|
||||
| JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:98:16:98:22 | nameStr |
|
||||
| JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:99:16:99:22 | nameStr |
|
||||
| JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:100:16:100:22 | nameStr |
|
||||
| JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:101:16:101:22 | nameStr |
|
||||
| JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:103:25:103:31 | nameStr |
|
||||
| JndiInjection.java:106:41:106:68 | nameStr : String | JndiInjection.java:109:16:109:22 | nameStr |
|
||||
| JndiInjection.java:106:41:106:68 | nameStr : String | JndiInjection.java:110:16:110:22 | nameStr |
|
||||
| JndiInjection.java:113:37:113:63 | urlStr : String | JndiInjection.java:114:33:114:57 | new JMXServiceURL(...) |
|
||||
| JndiInjection.java:113:37:113:63 | urlStr : String | JndiInjection.java:118:5:118:13 | connector |
|
||||
| JndiInjection.java:121:27:121:53 | urlStr : String | JndiInjection.java:124:35:124:40 | urlStr |
|
||||
| JndiInjection.java:128:27:128:53 | urlStr : String | JndiInjection.java:131:41:131:46 | urlStr |
|
||||
| JndiInjection.java:135:52:135:78 | urlStr : String | JndiInjection.java:138:37:138:42 | urlStr |
|
||||
| JndiInjection.java:142:52:142:78 | urlStr : String | JndiInjection.java:145:51:145:56 | urlStr |
|
||||
| JndiInjection.java:149:52:149:78 | urlStr : String | JndiInjection.java:152:51:152:56 | urlStr |
|
||||
nodes
|
||||
| JndiInjection.java:26:38:26:65 | nameStr : String | semmle.label | nameStr : String |
|
||||
| JndiInjection.java:30:16:30:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:31:20:31:26 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:32:29:32:35 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:33:16:33:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:34:14:34:20 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:35:22:35:28 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:37:16:37:19 | name | semmle.label | name |
|
||||
| JndiInjection.java:38:20:38:23 | name | semmle.label | name |
|
||||
| JndiInjection.java:39:29:39:32 | name | semmle.label | name |
|
||||
| JndiInjection.java:40:16:40:19 | name | semmle.label | name |
|
||||
| JndiInjection.java:41:14:41:17 | name | semmle.label | name |
|
||||
| JndiInjection.java:42:22:42:25 | name | semmle.label | name |
|
||||
| JndiInjection.java:45:41:45:68 | nameStr : String | semmle.label | nameStr : String |
|
||||
| JndiInjection.java:49:16:49:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:50:20:50:26 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:51:16:51:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:52:14:52:20 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:53:22:53:28 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:55:16:55:19 | name | semmle.label | name |
|
||||
| JndiInjection.java:56:20:56:23 | name | semmle.label | name |
|
||||
| JndiInjection.java:57:16:57:19 | name | semmle.label | name |
|
||||
| JndiInjection.java:58:14:58:17 | name | semmle.label | name |
|
||||
| JndiInjection.java:59:22:59:25 | name | semmle.label | name |
|
||||
| JndiInjection.java:62:42:62:69 | nameStr : String | semmle.label | nameStr : String |
|
||||
| JndiInjection.java:66:16:66:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:67:20:67:26 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:68:16:68:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:69:14:69:20 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:70:22:70:28 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:72:16:72:19 | name | semmle.label | name |
|
||||
| JndiInjection.java:73:20:73:23 | name | semmle.label | name |
|
||||
| JndiInjection.java:74:16:74:19 | name | semmle.label | name |
|
||||
| JndiInjection.java:75:14:75:17 | name | semmle.label | name |
|
||||
| JndiInjection.java:76:22:76:25 | name | semmle.label | name |
|
||||
| JndiInjection.java:79:42:79:69 | nameStr : String | semmle.label | nameStr : String |
|
||||
| JndiInjection.java:82:16:82:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:83:16:83:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:86:42:86:69 | nameStr : String | semmle.label | nameStr : String |
|
||||
| JndiInjection.java:90:16:90:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:91:23:91:29 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:92:18:92:21 | name | semmle.label | name |
|
||||
| JndiInjection.java:93:16:93:19 | name | semmle.label | name |
|
||||
| JndiInjection.java:94:14:94:17 | name | semmle.label | name |
|
||||
| JndiInjection.java:95:22:95:25 | name | semmle.label | name |
|
||||
| JndiInjection.java:96:16:96:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:98:16:98:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:99:16:99:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:100:16:100:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:101:16:101:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:103:25:103:31 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:106:41:106:68 | nameStr : String | semmle.label | nameStr : String |
|
||||
| JndiInjection.java:109:16:109:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:110:16:110:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:113:37:113:63 | urlStr : String | semmle.label | urlStr : String |
|
||||
| JndiInjection.java:114:33:114:57 | new JMXServiceURL(...) | semmle.label | new JMXServiceURL(...) |
|
||||
| JndiInjection.java:118:5:118:13 | connector | semmle.label | connector |
|
||||
| JndiInjection.java:121:27:121:53 | urlStr : String | semmle.label | urlStr : String |
|
||||
| JndiInjection.java:124:35:124:40 | urlStr | semmle.label | urlStr |
|
||||
| JndiInjection.java:128:27:128:53 | urlStr : String | semmle.label | urlStr : String |
|
||||
| JndiInjection.java:131:41:131:46 | urlStr | semmle.label | urlStr |
|
||||
| JndiInjection.java:135:52:135:78 | urlStr : String | semmle.label | urlStr : String |
|
||||
| JndiInjection.java:138:37:138:42 | urlStr | semmle.label | urlStr |
|
||||
| JndiInjection.java:142:52:142:78 | urlStr : String | semmle.label | urlStr : String |
|
||||
| JndiInjection.java:145:51:145:56 | urlStr | semmle.label | urlStr |
|
||||
| JndiInjection.java:149:52:149:78 | urlStr : String | semmle.label | urlStr : String |
|
||||
| JndiInjection.java:152:51:152:56 | urlStr | semmle.label | urlStr |
|
||||
#select
|
||||
| JndiInjection.java:30:16:30:22 | nameStr | JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:30:16:30:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:26:38:26:65 | nameStr | this user input |
|
||||
| JndiInjection.java:31:20:31:26 | nameStr | JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:31:20:31:26 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:26:38:26:65 | nameStr | this user input |
|
||||
| JndiInjection.java:32:29:32:35 | nameStr | JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:32:29:32:35 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:26:38:26:65 | nameStr | this user input |
|
||||
| JndiInjection.java:33:16:33:22 | nameStr | JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:33:16:33:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:26:38:26:65 | nameStr | this user input |
|
||||
| JndiInjection.java:34:14:34:20 | nameStr | JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:34:14:34:20 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:26:38:26:65 | nameStr | this user input |
|
||||
| JndiInjection.java:35:22:35:28 | nameStr | JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:35:22:35:28 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:26:38:26:65 | nameStr | this user input |
|
||||
| JndiInjection.java:37:16:37:19 | name | JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:37:16:37:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:26:38:26:65 | nameStr | this user input |
|
||||
| JndiInjection.java:38:20:38:23 | name | JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:38:20:38:23 | name | JNDI lookup might include name from $@. | JndiInjection.java:26:38:26:65 | nameStr | this user input |
|
||||
| JndiInjection.java:39:29:39:32 | name | JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:39:29:39:32 | name | JNDI lookup might include name from $@. | JndiInjection.java:26:38:26:65 | nameStr | this user input |
|
||||
| JndiInjection.java:40:16:40:19 | name | JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:40:16:40:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:26:38:26:65 | nameStr | this user input |
|
||||
| JndiInjection.java:41:14:41:17 | name | JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:41:14:41:17 | name | JNDI lookup might include name from $@. | JndiInjection.java:26:38:26:65 | nameStr | this user input |
|
||||
| JndiInjection.java:42:22:42:25 | name | JndiInjection.java:26:38:26:65 | nameStr : String | JndiInjection.java:42:22:42:25 | name | JNDI lookup might include name from $@. | JndiInjection.java:26:38:26:65 | nameStr | this user input |
|
||||
| JndiInjection.java:49:16:49:22 | nameStr | JndiInjection.java:45:41:45:68 | nameStr : String | JndiInjection.java:49:16:49:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:45:41:45:68 | nameStr | this user input |
|
||||
| JndiInjection.java:50:20:50:26 | nameStr | JndiInjection.java:45:41:45:68 | nameStr : String | JndiInjection.java:50:20:50:26 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:45:41:45:68 | nameStr | this user input |
|
||||
| JndiInjection.java:51:16:51:22 | nameStr | JndiInjection.java:45:41:45:68 | nameStr : String | JndiInjection.java:51:16:51:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:45:41:45:68 | nameStr | this user input |
|
||||
| JndiInjection.java:52:14:52:20 | nameStr | JndiInjection.java:45:41:45:68 | nameStr : String | JndiInjection.java:52:14:52:20 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:45:41:45:68 | nameStr | this user input |
|
||||
| JndiInjection.java:53:22:53:28 | nameStr | JndiInjection.java:45:41:45:68 | nameStr : String | JndiInjection.java:53:22:53:28 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:45:41:45:68 | nameStr | this user input |
|
||||
| JndiInjection.java:55:16:55:19 | name | JndiInjection.java:45:41:45:68 | nameStr : String | JndiInjection.java:55:16:55:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:45:41:45:68 | nameStr | this user input |
|
||||
| JndiInjection.java:56:20:56:23 | name | JndiInjection.java:45:41:45:68 | nameStr : String | JndiInjection.java:56:20:56:23 | name | JNDI lookup might include name from $@. | JndiInjection.java:45:41:45:68 | nameStr | this user input |
|
||||
| JndiInjection.java:57:16:57:19 | name | JndiInjection.java:45:41:45:68 | nameStr : String | JndiInjection.java:57:16:57:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:45:41:45:68 | nameStr | this user input |
|
||||
| JndiInjection.java:58:14:58:17 | name | JndiInjection.java:45:41:45:68 | nameStr : String | JndiInjection.java:58:14:58:17 | name | JNDI lookup might include name from $@. | JndiInjection.java:45:41:45:68 | nameStr | this user input |
|
||||
| JndiInjection.java:59:22:59:25 | name | JndiInjection.java:45:41:45:68 | nameStr : String | JndiInjection.java:59:22:59:25 | name | JNDI lookup might include name from $@. | JndiInjection.java:45:41:45:68 | nameStr | this user input |
|
||||
| JndiInjection.java:66:16:66:22 | nameStr | JndiInjection.java:62:42:62:69 | nameStr : String | JndiInjection.java:66:16:66:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:62:42:62:69 | nameStr | this user input |
|
||||
| JndiInjection.java:67:20:67:26 | nameStr | JndiInjection.java:62:42:62:69 | nameStr : String | JndiInjection.java:67:20:67:26 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:62:42:62:69 | nameStr | this user input |
|
||||
| JndiInjection.java:68:16:68:22 | nameStr | JndiInjection.java:62:42:62:69 | nameStr : String | JndiInjection.java:68:16:68:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:62:42:62:69 | nameStr | this user input |
|
||||
| JndiInjection.java:69:14:69:20 | nameStr | JndiInjection.java:62:42:62:69 | nameStr : String | JndiInjection.java:69:14:69:20 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:62:42:62:69 | nameStr | this user input |
|
||||
| JndiInjection.java:70:22:70:28 | nameStr | JndiInjection.java:62:42:62:69 | nameStr : String | JndiInjection.java:70:22:70:28 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:62:42:62:69 | nameStr | this user input |
|
||||
| JndiInjection.java:72:16:72:19 | name | JndiInjection.java:62:42:62:69 | nameStr : String | JndiInjection.java:72:16:72:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:62:42:62:69 | nameStr | this user input |
|
||||
| JndiInjection.java:73:20:73:23 | name | JndiInjection.java:62:42:62:69 | nameStr : String | JndiInjection.java:73:20:73:23 | name | JNDI lookup might include name from $@. | JndiInjection.java:62:42:62:69 | nameStr | this user input |
|
||||
| JndiInjection.java:74:16:74:19 | name | JndiInjection.java:62:42:62:69 | nameStr : String | JndiInjection.java:74:16:74:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:62:42:62:69 | nameStr | this user input |
|
||||
| JndiInjection.java:75:14:75:17 | name | JndiInjection.java:62:42:62:69 | nameStr : String | JndiInjection.java:75:14:75:17 | name | JNDI lookup might include name from $@. | JndiInjection.java:62:42:62:69 | nameStr | this user input |
|
||||
| JndiInjection.java:76:22:76:25 | name | JndiInjection.java:62:42:62:69 | nameStr : String | JndiInjection.java:76:22:76:25 | name | JNDI lookup might include name from $@. | JndiInjection.java:62:42:62:69 | nameStr | this user input |
|
||||
| JndiInjection.java:82:16:82:22 | nameStr | JndiInjection.java:79:42:79:69 | nameStr : String | JndiInjection.java:82:16:82:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:79:42:79:69 | nameStr | this user input |
|
||||
| JndiInjection.java:83:16:83:22 | nameStr | JndiInjection.java:79:42:79:69 | nameStr : String | JndiInjection.java:83:16:83:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:79:42:79:69 | nameStr | this user input |
|
||||
| JndiInjection.java:90:16:90:22 | nameStr | JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:90:16:90:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:86:42:86:69 | nameStr | this user input |
|
||||
| JndiInjection.java:91:23:91:29 | nameStr | JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:91:23:91:29 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:86:42:86:69 | nameStr | this user input |
|
||||
| JndiInjection.java:92:18:92:21 | name | JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:92:18:92:21 | name | JNDI lookup might include name from $@. | JndiInjection.java:86:42:86:69 | nameStr | this user input |
|
||||
| JndiInjection.java:93:16:93:19 | name | JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:93:16:93:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:86:42:86:69 | nameStr | this user input |
|
||||
| JndiInjection.java:94:14:94:17 | name | JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:94:14:94:17 | name | JNDI lookup might include name from $@. | JndiInjection.java:86:42:86:69 | nameStr | this user input |
|
||||
| JndiInjection.java:95:22:95:25 | name | JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:95:22:95:25 | name | JNDI lookup might include name from $@. | JndiInjection.java:86:42:86:69 | nameStr | this user input |
|
||||
| JndiInjection.java:96:16:96:22 | nameStr | JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:96:16:96:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:86:42:86:69 | nameStr | this user input |
|
||||
| JndiInjection.java:98:16:98:22 | nameStr | JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:98:16:98:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:86:42:86:69 | nameStr | this user input |
|
||||
| JndiInjection.java:99:16:99:22 | nameStr | JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:99:16:99:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:86:42:86:69 | nameStr | this user input |
|
||||
| JndiInjection.java:100:16:100:22 | nameStr | JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:100:16:100:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:86:42:86:69 | nameStr | this user input |
|
||||
| JndiInjection.java:101:16:101:22 | nameStr | JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:101:16:101:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:86:42:86:69 | nameStr | this user input |
|
||||
| JndiInjection.java:103:25:103:31 | nameStr | JndiInjection.java:86:42:86:69 | nameStr : String | JndiInjection.java:103:25:103:31 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:86:42:86:69 | nameStr | this user input |
|
||||
| JndiInjection.java:109:16:109:22 | nameStr | JndiInjection.java:106:41:106:68 | nameStr : String | JndiInjection.java:109:16:109:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:106:41:106:68 | nameStr | this user input |
|
||||
| JndiInjection.java:110:16:110:22 | nameStr | JndiInjection.java:106:41:106:68 | nameStr : String | JndiInjection.java:110:16:110:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:106:41:106:68 | nameStr | this user input |
|
||||
| JndiInjection.java:114:33:114:57 | new JMXServiceURL(...) | JndiInjection.java:113:37:113:63 | urlStr : String | JndiInjection.java:114:33:114:57 | new JMXServiceURL(...) | JNDI lookup might include name from $@. | JndiInjection.java:113:37:113:63 | urlStr | this user input |
|
||||
| JndiInjection.java:118:5:118:13 | connector | JndiInjection.java:113:37:113:63 | urlStr : String | JndiInjection.java:118:5:118:13 | connector | JNDI lookup might include name from $@. | JndiInjection.java:113:37:113:63 | urlStr | this user input |
|
||||
| JndiInjection.java:124:35:124:40 | urlStr | JndiInjection.java:121:27:121:53 | urlStr : String | JndiInjection.java:124:35:124:40 | urlStr | JNDI lookup might include name from $@. | JndiInjection.java:121:27:121:53 | urlStr | this user input |
|
||||
| JndiInjection.java:131:41:131:46 | urlStr | JndiInjection.java:128:27:128:53 | urlStr : String | JndiInjection.java:131:41:131:46 | urlStr | JNDI lookup might include name from $@. | JndiInjection.java:128:27:128:53 | urlStr | this user input |
|
||||
| JndiInjection.java:138:37:138:42 | urlStr | JndiInjection.java:135:52:135:78 | urlStr : String | JndiInjection.java:138:37:138:42 | urlStr | JNDI lookup might include name from $@. | JndiInjection.java:135:52:135:78 | urlStr | this user input |
|
||||
| JndiInjection.java:145:51:145:56 | urlStr | JndiInjection.java:142:52:142:78 | urlStr : String | JndiInjection.java:145:51:145:56 | urlStr | JNDI lookup might include name from $@. | JndiInjection.java:142:52:142:78 | urlStr | this user input |
|
||||
| JndiInjection.java:152:51:152:56 | urlStr | JndiInjection.java:149:52:149:78 | urlStr : String | JndiInjection.java:152:51:152:56 | urlStr | JNDI lookup might include name from $@. | JndiInjection.java:149:52:149:78 | urlStr | this user input |
|
||||
@@ -0,0 +1,191 @@
|
||||
import java.io.IOException;
|
||||
import java.util.Hashtable;
|
||||
import java.util.Properties;
|
||||
|
||||
import javax.management.remote.JMXConnector;
|
||||
import javax.management.remote.JMXConnectorFactory;
|
||||
import javax.management.remote.JMXServiceURL;
|
||||
import javax.naming.CompositeName;
|
||||
import javax.naming.CompoundName;
|
||||
import javax.naming.Context;
|
||||
import javax.naming.InitialContext;
|
||||
import javax.naming.Name;
|
||||
import javax.naming.NamingException;
|
||||
import javax.naming.directory.InitialDirContext;
|
||||
import javax.naming.directory.SearchControls;
|
||||
import javax.naming.ldap.InitialLdapContext;
|
||||
|
||||
import org.springframework.jndi.JndiTemplate;
|
||||
import org.springframework.ldap.core.AttributesMapper;
|
||||
import org.springframework.ldap.core.ContextMapper;
|
||||
import org.springframework.ldap.core.LdapTemplate;
|
||||
import org.springframework.ldap.core.NameClassPairCallbackHandler;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
|
||||
public class JndiInjection {
|
||||
public void testInitialContextBad1(@RequestParam String nameStr) throws NamingException {
|
||||
Name name = new CompositeName(nameStr);
|
||||
InitialContext ctx = new InitialContext();
|
||||
|
||||
ctx.lookup(nameStr);
|
||||
ctx.lookupLink(nameStr);
|
||||
InitialContext.doLookup(nameStr);
|
||||
ctx.rename(nameStr, "");
|
||||
ctx.list(nameStr);
|
||||
ctx.listBindings(nameStr);
|
||||
|
||||
ctx.lookup(name);
|
||||
ctx.lookupLink(name);
|
||||
InitialContext.doLookup(name);
|
||||
ctx.rename(name, null);
|
||||
ctx.list(name);
|
||||
ctx.listBindings(name);
|
||||
}
|
||||
|
||||
public void testInitialDirContextBad1(@RequestParam String nameStr) throws NamingException {
|
||||
Name name = new CompoundName(nameStr, new Properties());
|
||||
InitialDirContext ctx = new InitialDirContext();
|
||||
|
||||
ctx.lookup(nameStr);
|
||||
ctx.lookupLink(nameStr);
|
||||
ctx.rename(nameStr, "");
|
||||
ctx.list(nameStr);
|
||||
ctx.listBindings(nameStr);
|
||||
|
||||
ctx.lookup(name);
|
||||
ctx.lookupLink(name);
|
||||
ctx.rename(name, null);
|
||||
ctx.list(name);
|
||||
ctx.listBindings(name);
|
||||
}
|
||||
|
||||
public void testInitialLdapContextBad1(@RequestParam String nameStr) throws NamingException {
|
||||
Name name = new CompositeName(nameStr);
|
||||
InitialLdapContext ctx = new InitialLdapContext();
|
||||
|
||||
ctx.lookup(nameStr);
|
||||
ctx.lookupLink(nameStr);
|
||||
ctx.rename(nameStr, "");
|
||||
ctx.list(nameStr);
|
||||
ctx.listBindings(nameStr);
|
||||
|
||||
ctx.lookup(name);
|
||||
ctx.lookupLink(name);
|
||||
ctx.rename(name, null);
|
||||
ctx.list(name);
|
||||
ctx.listBindings(name);
|
||||
}
|
||||
|
||||
public void testSpringJndiTemplateBad1(@RequestParam String nameStr) throws NamingException {
|
||||
JndiTemplate ctx = new JndiTemplate();
|
||||
|
||||
ctx.lookup(nameStr);
|
||||
ctx.lookup(nameStr, null);
|
||||
}
|
||||
|
||||
public void testSpringLdapTemplateBad1(@RequestParam String nameStr) throws NamingException {
|
||||
LdapTemplate ctx = new LdapTemplate();
|
||||
Name name = new CompositeName(nameStr);
|
||||
|
||||
ctx.lookup(nameStr);
|
||||
ctx.lookupContext(nameStr);
|
||||
ctx.findByDn(name, null);
|
||||
ctx.rename(name, null);
|
||||
ctx.list(name);
|
||||
ctx.listBindings(name);
|
||||
ctx.unbind(nameStr, true);
|
||||
|
||||
ctx.search(nameStr, "", 0, true, null);
|
||||
ctx.search(nameStr, "", 0, new String[] {}, (ContextMapper<Object>) new Object());
|
||||
ctx.search(nameStr, "", 0, (ContextMapper<Object>) new Object());
|
||||
ctx.search(nameStr, "", (ContextMapper) new Object());
|
||||
|
||||
ctx.searchForObject(nameStr, "", (ContextMapper) new Object());
|
||||
}
|
||||
|
||||
public void testShiroJndiTemplateBad1(@RequestParam String nameStr) throws NamingException {
|
||||
org.apache.shiro.jndi.JndiTemplate ctx = new org.apache.shiro.jndi.JndiTemplate();
|
||||
|
||||
ctx.lookup(nameStr);
|
||||
ctx.lookup(nameStr, null);
|
||||
}
|
||||
|
||||
public void testJMXServiceUrlBad1(@RequestParam String urlStr) throws IOException {
|
||||
JMXConnectorFactory.connect(new JMXServiceURL(urlStr));
|
||||
|
||||
JMXServiceURL url = new JMXServiceURL(urlStr);
|
||||
JMXConnector connector = JMXConnectorFactory.newJMXConnector(url, null);
|
||||
connector.connect();
|
||||
}
|
||||
|
||||
public void testEnvBad1(@RequestParam String urlStr) throws NamingException {
|
||||
Hashtable<String, String> env = new Hashtable<String, String>();
|
||||
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.rmi.registry.RegistryContextFactory");
|
||||
env.put(Context.PROVIDER_URL, urlStr);
|
||||
new InitialContext(env);
|
||||
}
|
||||
|
||||
public void testEnvBad2(@RequestParam String urlStr) throws NamingException {
|
||||
Hashtable<String, String> env = new Hashtable<String, String>();
|
||||
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.rmi.registry.RegistryContextFactory");
|
||||
env.put("java.naming.provider.url", urlStr);
|
||||
new InitialDirContext(env);
|
||||
}
|
||||
|
||||
public void testSpringJndiTemplatePropertiesBad1(@RequestParam String urlStr) throws NamingException {
|
||||
Properties props = new Properties();
|
||||
props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.rmi.registry.RegistryContextFactory");
|
||||
props.put(Context.PROVIDER_URL, urlStr);
|
||||
new JndiTemplate(props);
|
||||
}
|
||||
|
||||
public void testSpringJndiTemplatePropertiesBad2(@RequestParam String urlStr) throws NamingException {
|
||||
Properties props = new Properties();
|
||||
props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.rmi.registry.RegistryContextFactory");
|
||||
props.setProperty("java.naming.provider.url", urlStr);
|
||||
new JndiTemplate(props);
|
||||
}
|
||||
|
||||
public void testSpringJndiTemplatePropertiesBad3(@RequestParam String urlStr) throws NamingException {
|
||||
Properties props = new Properties();
|
||||
props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.rmi.registry.RegistryContextFactory");
|
||||
props.setProperty("java.naming.provider.url", urlStr);
|
||||
JndiTemplate template = new JndiTemplate();
|
||||
template.setEnvironment(props);
|
||||
}
|
||||
|
||||
public void testSpringLdapTemplateOk1(@RequestParam String nameStr) throws NamingException {
|
||||
LdapTemplate ctx = new LdapTemplate();
|
||||
|
||||
ctx.unbind(nameStr);
|
||||
ctx.unbind(nameStr, false);
|
||||
|
||||
ctx.search(nameStr, "", 0, false, null);
|
||||
ctx.search(nameStr, "", new SearchControls(), (NameClassPairCallbackHandler) new Object());
|
||||
ctx.search(nameStr, "", new SearchControls(), (NameClassPairCallbackHandler) new Object(), null);
|
||||
ctx.search(nameStr, "", (NameClassPairCallbackHandler) new Object());
|
||||
ctx.search(nameStr, "", 0, new String[] {}, (AttributesMapper<Object>) new Object());
|
||||
ctx.search(nameStr, "", 0, (AttributesMapper<Object>) new Object());
|
||||
ctx.search(nameStr, "", (AttributesMapper) new Object());
|
||||
ctx.search(nameStr, "", new SearchControls(), (ContextMapper) new Object());
|
||||
ctx.search(nameStr, "", new SearchControls(), (AttributesMapper) new Object());
|
||||
ctx.search(nameStr, "", new SearchControls(), (ContextMapper) new Object(), null);
|
||||
ctx.search(nameStr, "", new SearchControls(), (AttributesMapper) new Object(), null);
|
||||
|
||||
ctx.searchForObject(nameStr, "", new SearchControls(), (ContextMapper) new Object());
|
||||
}
|
||||
|
||||
public void testEnvOk1(@RequestParam String urlStr) throws NamingException {
|
||||
Hashtable<String, String> env = new Hashtable<String, String>();
|
||||
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.rmi.registry.RegistryContextFactory");
|
||||
env.put(Context.SECURITY_PRINCIPAL, urlStr);
|
||||
new InitialContext(env);
|
||||
}
|
||||
|
||||
public void testEnvOk2(@RequestParam String urlStr) throws NamingException {
|
||||
Hashtable<String, String> env = new Hashtable<String, String>();
|
||||
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.rmi.registry.RegistryContextFactory");
|
||||
env.put("java.naming.security.principal", urlStr);
|
||||
new InitialContext(env);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
experimental/Security/CWE/CWE-074/JndiInjection.ql
|
||||
@@ -0,0 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/shiro-core-1.5.2:${testdir}/../../../stubs/spring-ldap-2.3.2
|
||||
Reference in New Issue
Block a user