hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Generate stubs, adapt tests

Browse Source
This commit is contained in:
Tony Torralba
2022-09-08 17:38:21 +02:00
parent cd61bd0606
commit c9728098ef
588 changed files with 16442 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/test/query-tests/security/CWE-094/FreemarkerSSTI.java
View File

@@ -11,7 +11,7 @@ import java.util.HashMap;
import freemarker.template.Template;
import freemarker.template.Configuration;
import freemarker.cache.StringTemplateLoader;
import freemarker.template.ParserConfiguration;
import freemarker.core.ParserConfiguration;
@Controller
public class FreemarkerSSTI {
@@ -121,7 +121,7 @@ public class FreemarkerSSTI {
@GetMapping(value = "bad10")
public void bad10(HttpServletRequest request) {
HashMap root = new HashMap();
HashMap<Object,Object> root = new HashMap();
String code = request.getParameter("code");
root.put("code", code);
Configuration cfg = new Configuration();

48
java/ql/test/query-tests/security/CWE-094/TemplateInjection.expected
View File

@@ -36,11 +36,19 @@ edges
| VelocitySSTI.java:59:17:59:44 | getParameter(...) : String | VelocitySSTI.java:62:42:62:45 | code : String |
| VelocitySSTI.java:62:25:62:46 | new StringReader(...) : StringReader | VelocitySSTI.java:63:25:63:30 | reader |
| VelocitySSTI.java:62:42:62:45 | code : String | VelocitySSTI.java:62:25:62:46 | new StringReader(...) : StringReader |
| VelocitySSTI.java:69:17:69:44 | getParameter(...) : String | VelocitySSTI.java:77:21:77:27 | context |
| VelocitySSTI.java:83:17:83:44 | getParameter(...) : String | VelocitySSTI.java:89:60:89:66 | context |
| VelocitySSTI.java:95:17:95:44 | getParameter(...) : String | VelocitySSTI.java:102:11:102:17 | context |
| VelocitySSTI.java:108:17:108:44 | getParameter(...) : String | VelocitySSTI.java:115:11:115:17 | context |
| VelocitySSTI.java:120:17:120:44 | getParameter(...) : String | VelocitySSTI.java:123:37:123:40 | code |
| VelocitySSTI.java:69:17:69:44 | getParameter(...) : String | VelocitySSTI.java:72:23:72:26 | code : String |
| VelocitySSTI.java:72:3:72:9 | context [post update] : AbstractContext | VelocitySSTI.java:77:21:77:27 | context |
| VelocitySSTI.java:72:23:72:26 | code : String | VelocitySSTI.java:72:3:72:9 | context [post update] : AbstractContext |
| VelocitySSTI.java:83:17:83:44 | getParameter(...) : String | VelocitySSTI.java:86:23:86:26 | code : String |
| VelocitySSTI.java:86:3:86:9 | context [post update] : AbstractContext | VelocitySSTI.java:90:52:90:58 | context |
| VelocitySSTI.java:86:23:86:26 | code : String | VelocitySSTI.java:86:3:86:9 | context [post update] : AbstractContext |
| VelocitySSTI.java:96:17:96:44 | getParameter(...) : String | VelocitySSTI.java:99:23:99:26 | code : String |
| VelocitySSTI.java:99:3:99:9 | context [post update] : AbstractContext | VelocitySSTI.java:103:11:103:17 | context |
| VelocitySSTI.java:99:23:99:26 | code : String | VelocitySSTI.java:99:3:99:9 | context [post update] : AbstractContext |
| VelocitySSTI.java:109:17:109:44 | getParameter(...) : String | VelocitySSTI.java:112:23:112:26 | code : String |
| VelocitySSTI.java:112:3:112:9 | context [post update] : AbstractContext | VelocitySSTI.java:116:11:116:17 | context |
| VelocitySSTI.java:112:23:112:26 | code : String | VelocitySSTI.java:112:3:112:9 | context [post update] : AbstractContext |
| VelocitySSTI.java:121:17:121:44 | getParameter(...) : String | VelocitySSTI.java:124:37:124:40 | code |
nodes
| FreemarkerSSTI.java:23:17:23:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| FreemarkerSSTI.java:24:19:24:40 | new StringReader(...) : StringReader | semmle.label | new StringReader(...) : StringReader |
@@ -99,15 +107,23 @@ nodes
| VelocitySSTI.java:62:42:62:45 | code : String | semmle.label | code : String |
| VelocitySSTI.java:63:25:63:30 | reader | semmle.label | reader |
| VelocitySSTI.java:69:17:69:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| VelocitySSTI.java:72:3:72:9 | context [post update] : AbstractContext | semmle.label | context [post update] : AbstractContext |
| VelocitySSTI.java:72:23:72:26 | code : String | semmle.label | code : String |
| VelocitySSTI.java:77:21:77:27 | context | semmle.label | context |
| VelocitySSTI.java:83:17:83:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| VelocitySSTI.java:89:60:89:66 | context | semmle.label | context |
| VelocitySSTI.java:95:17:95:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| VelocitySSTI.java:102:11:102:17 | context | semmle.label | context |
| VelocitySSTI.java:108:17:108:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| VelocitySSTI.java:115:11:115:17 | context | semmle.label | context |
| VelocitySSTI.java:120:17:120:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| VelocitySSTI.java:123:37:123:40 | code | semmle.label | code |
| VelocitySSTI.java:86:3:86:9 | context [post update] : AbstractContext | semmle.label | context [post update] : AbstractContext |
| VelocitySSTI.java:86:23:86:26 | code : String | semmle.label | code : String |
| VelocitySSTI.java:90:52:90:58 | context | semmle.label | context |
| VelocitySSTI.java:96:17:96:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| VelocitySSTI.java:99:3:99:9 | context [post update] : AbstractContext | semmle.label | context [post update] : AbstractContext |
| VelocitySSTI.java:99:23:99:26 | code : String | semmle.label | code : String |
| VelocitySSTI.java:103:11:103:17 | context | semmle.label | context |
| VelocitySSTI.java:109:17:109:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| VelocitySSTI.java:112:3:112:9 | context [post update] : AbstractContext | semmle.label | context [post update] : AbstractContext |
| VelocitySSTI.java:112:23:112:26 | code : String | semmle.label | code : String |
| VelocitySSTI.java:116:11:116:17 | context | semmle.label | context |
| VelocitySSTI.java:121:17:121:44 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| VelocitySSTI.java:124:37:124:40 | code | semmle.label | code |
subpaths
#select
| FreemarkerSSTI.java:27:35:27:40 | reader | FreemarkerSSTI.java:23:17:23:44 | getParameter(...) : String | FreemarkerSSTI.java:27:35:27:40 | reader | Potential arbitrary code execution due to $@. | FreemarkerSSTI.java:23:17:23:44 | getParameter(...) | a template value loaded from a remote source. |
@@ -130,7 +146,7 @@ subpaths
| VelocitySSTI.java:53:45:53:50 | reader | VelocitySSTI.java:44:17:44:44 | getParameter(...) : String | VelocitySSTI.java:53:45:53:50 | reader | Potential arbitrary code execution due to $@. | VelocitySSTI.java:44:17:44:44 | getParameter(...) | a template value loaded from a remote source. |
| VelocitySSTI.java:63:25:63:30 | reader | VelocitySSTI.java:59:17:59:44 | getParameter(...) : String | VelocitySSTI.java:63:25:63:30 | reader | Potential arbitrary code execution due to $@. | VelocitySSTI.java:59:17:59:44 | getParameter(...) | a template value loaded from a remote source. |
| VelocitySSTI.java:77:21:77:27 | context | VelocitySSTI.java:69:17:69:44 | getParameter(...) : String | VelocitySSTI.java:77:21:77:27 | context | Potential arbitrary code execution due to $@. | VelocitySSTI.java:69:17:69:44 | getParameter(...) | a template value loaded from a remote source. |
| VelocitySSTI.java:89:60:89:66 | context | VelocitySSTI.java:83:17:83:44 | getParameter(...) : String | VelocitySSTI.java:89:60:89:66 | context | Potential arbitrary code execution due to $@. | VelocitySSTI.java:83:17:83:44 | getParameter(...) | a template value loaded from a remote source. |
| VelocitySSTI.java:102:11:102:17 | context | VelocitySSTI.java:95:17:95:44 | getParameter(...) : String | VelocitySSTI.java:102:11:102:17 | context | Potential arbitrary code execution due to $@. | VelocitySSTI.java:95:17:95:44 | getParameter(...) | a template value loaded from a remote source. |
| VelocitySSTI.java:115:11:115:17 | context | VelocitySSTI.java:108:17:108:44 | getParameter(...) : String | VelocitySSTI.java:115:11:115:17 | context | Potential arbitrary code execution due to $@. | VelocitySSTI.java:108:17:108:44 | getParameter(...) | a template value loaded from a remote source. |
| VelocitySSTI.java:123:37:123:40 | code | VelocitySSTI.java:120:17:120:44 | getParameter(...) : String | VelocitySSTI.java:123:37:123:40 | code | Potential arbitrary code execution due to $@. | VelocitySSTI.java:120:17:120:44 | getParameter(...) | a template value loaded from a remote source. |
| VelocitySSTI.java:90:52:90:58 | context | VelocitySSTI.java:83:17:83:44 | getParameter(...) : String | VelocitySSTI.java:90:52:90:58 | context | Potential arbitrary code execution due to $@. | VelocitySSTI.java:83:17:83:44 | getParameter(...) | a template value loaded from a remote source. |
| VelocitySSTI.java:103:11:103:17 | context | VelocitySSTI.java:96:17:96:44 | getParameter(...) : String | VelocitySSTI.java:103:11:103:17 | context | Potential arbitrary code execution due to $@. | VelocitySSTI.java:96:17:96:44 | getParameter(...) | a template value loaded from a remote source. |
| VelocitySSTI.java:116:11:116:17 | context | VelocitySSTI.java:109:17:109:44 | getParameter(...) : String | VelocitySSTI.java:116:11:116:17 | context | Potential arbitrary code execution due to $@. | VelocitySSTI.java:109:17:109:44 | getParameter(...) | a template value loaded from a remote source. |
| VelocitySSTI.java:124:37:124:40 | code | VelocitySSTI.java:121:17:121:44 | getParameter(...) : String | VelocitySSTI.java:124:37:124:40 | code | Potential arbitrary code execution due to $@. | VelocitySSTI.java:121:17:121:44 | getParameter(...) | a template value loaded from a remote source. |

5
java/ql/test/query-tests/security/CWE-094/VelocitySSTI.java
View File

@@ -58,7 +58,7 @@ public class VelocitySSTI {
String name = "ttemplate";
String code = request.getParameter("code");
RuntimeServices runtimeServices = new RuntimeServices();
RuntimeServices runtimeServices = null;
StringReader reader = new StringReader(code);
runtimeServices.parse(reader, new Template());
}
@@ -86,7 +86,8 @@ public class VelocitySSTI {
context.put("code", code);
StringWriter w = new StringWriter();
VelocityEngine.mergeTemplate("testtemplate.vm", "UTF-8", context, w);
VelocityEngine engine = null;
engine.mergeTemplate("testtemplate.vm", "UTF-8", context, w);
}
@GetMapping(value = "bad6")

2
java/ql/test/query-tests/security/CWE-094/options
View File

@@ -1 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/validation-api-2.0.1.Final:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/apache-commons-jexl-2.1.1:${testdir}/../../../stubs/apache-commons-jexl-3.1:${testdir}/../../../stubs/apache-commons-logging-1.2:${testdir}/../../../stubs/mvel2-2.4.7:${testdir}/../../../stubs/groovy-all-3.0.7:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/scriptengine:${testdir}/../../../stubs/jsr223-api:${testdir}/../../../experimental/stubs/apache-freemarker-2.3.31:${testdir}/../../../experimental/stubs/jinjava-2.6.0:${testdir}/../../../experimental/stubs/pebble-3.1.5:${testdir}/../../../experimental/stubs/thymeleaf-3.0.14:${testdir}/../../../experimental/stubs/apache-velocity-2.3
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/validation-api-2.0.1.Final:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/apache-commons-jexl-2.1.1:${testdir}/../../../stubs/apache-commons-jexl-3.1:${testdir}/../../../stubs/apache-commons-logging-1.2:${testdir}/../../../stubs/mvel2-2.4.7:${testdir}/../../../stubs/groovy-all-3.0.7:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/scriptengine:${testdir}/../../../stubs/jsr223-api:${testdir}/../../../stubs/apache-freemarker-2.3.31:${testdir}/../../../stubs/jinjava-2.6.0:${testdir}/../../../stubs/pebble-3.1.5:${testdir}/../../../stubs/thymeleaf-3.0.14:${testdir}/../../../stubs/apache-velocity-2.3