hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 21:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Move files from experimental

Browse Source
This commit is contained in:
Tony Torralba
2022-09-07 12:11:56 +02:00
parent 95a9faf1f9
commit cd61bd0606
19 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
java/ql/test/query-tests/security/CWE-094/PebbleSSTI.java Normal file
View File

@@ -0,0 +1,30 @@
import javax.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import java.lang.String;
import java.io.Reader;
import java.io.StringReader;
import com.mitchellbosecke.pebble.PebbleEngine;
import com.mitchellbosecke.pebble.template.*;
@Controller
public class PebbleSSTI {
String sourceName = "sourceName";
@GetMapping(value = "bad1")
public void bad1(HttpServletRequest request) {
String code = request.getParameter("code");
PebbleEngine engine = new PebbleEngine.Builder().build();
// public PebbleTemplate getTemplate(String templateName)
PebbleTemplate compiledTemplate = engine.getTemplate(code);
}
@GetMapping(value = "bad2")
public void bad2(HttpServletRequest request) {
String code = request.getParameter("code");
PebbleEngine engine = new PebbleEngine.Builder().build();
// public PebbleTemplate getLiteralTemplate(String templateName)
PebbleTemplate compiledTemplate = engine.getLiteralTemplate(code);
}
}