add test case

This commit is contained in:
haby0
2021-09-15 19:44:23 +08:00
parent 99c8b291b2
commit d36a7ed10e
6 changed files with 30 additions and 1 deletions


@@ -67,4 +67,9 @@
-- good
select id,name from test where id = ${id}
</select>
<select id="good2" parameterType="java.lang.String" resultMap="BaseResultMap">
-- good
select id,name from test where name = #{name}
</select>
</mapper>
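Review bot: The new `good2` statement is correct, but nothing in the mapper says why it is the safe counterpart of `good1`, which still uses `${id}`; the contrast between `#{}` (bound as a prepared-statement parameter) and `${}` (literal text substitution into the SQL) is exactly what this fixture exercises, and a reader of the test has to know MyBatis to see it. A short comment above the new select, `<!-- #{name} is a bound parameter, not string substitution, so this select is not a sink -->`, would make the fixture self-explanatory; the same applies to the `good2` select added to the second SqlInjectionMapper.xml section at the end of this commit. The `-- good` line inside the select is a SQL comment that ships with the statement text and presumably serves only as a label; the new select repeats it, so at least the convention is consistent.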


@@ -15,6 +15,8 @@ edges
| MybatisSqlInjection.java:53:35:53:40 | params : List | MybatisSqlInjectionService.java:39:19:39:37 | params : List |
| MybatisSqlInjection.java:57:19:57:46 | params : String[] | MybatisSqlInjection.java:58:35:58:40 | params : String[] |
| MybatisSqlInjection.java:58:35:58:40 | params : String[] | MybatisSqlInjectionService.java:43:19:43:33 | params : String[] |
| MybatisSqlInjection.java:68:26:68:36 | name : String | MybatisSqlInjection.java:69:56:69:59 | name : String |
| MybatisSqlInjection.java:69:56:69:59 | name : String | MybatisSqlInjectionService.java:52:26:52:36 | name : String |
| MybatisSqlInjectionService.java:12:25:12:35 | name : String | MybatisSqlInjectionService.java:13:47:13:50 | name |
| MybatisSqlInjectionService.java:17:25:17:35 | name : String | MybatisSqlInjectionService.java:18:47:18:50 | name |
| MybatisSqlInjectionService.java:22:25:22:33 | test : Test | MybatisSqlInjectionService.java:23:47:23:50 | test |
@@ -23,6 +25,7 @@ edges
| MybatisSqlInjectionService.java:35:19:35:44 | params : Map | MybatisSqlInjectionService.java:36:27:36:32 | params |
| MybatisSqlInjectionService.java:39:19:39:37 | params : List | MybatisSqlInjectionService.java:40:27:40:32 | params |
| MybatisSqlInjectionService.java:43:19:43:33 | params : String[] | MybatisSqlInjectionService.java:44:27:44:32 | params |
| MybatisSqlInjectionService.java:52:26:52:36 | name : String | MybatisSqlInjectionService.java:53:48:53:51 | name |
nodes
| MybatisSqlInjection.java:19:25:19:49 | name : String | semmle.label | name : String |
| MybatisSqlInjection.java:20:55:20:58 | name : String | semmle.label | name : String |
@@ -40,6 +43,8 @@ nodes
| MybatisSqlInjection.java:53:35:53:40 | params : List | semmle.label | params : List |
| MybatisSqlInjection.java:57:19:57:46 | params : String[] | semmle.label | params : String[] |
| MybatisSqlInjection.java:58:35:58:40 | params : String[] | semmle.label | params : String[] |
| MybatisSqlInjection.java:68:26:68:36 | name : String | semmle.label | name : String |
| MybatisSqlInjection.java:69:56:69:59 | name : String | semmle.label | name : String |
| MybatisSqlInjectionService.java:12:25:12:35 | name : String | semmle.label | name : String |
| MybatisSqlInjectionService.java:13:47:13:50 | name | semmle.label | name |
| MybatisSqlInjectionService.java:17:25:17:35 | name : String | semmle.label | name : String |
@@ -56,6 +61,8 @@ nodes
| MybatisSqlInjectionService.java:40:27:40:32 | params | semmle.label | params |
| MybatisSqlInjectionService.java:43:19:43:33 | params : String[] | semmle.label | params : String[] |
| MybatisSqlInjectionService.java:44:27:44:32 | params | semmle.label | params |
| MybatisSqlInjectionService.java:52:26:52:36 | name : String | semmle.label | name : String |
| MybatisSqlInjectionService.java:53:48:53:51 | name | semmle.label | name |
#select
| MybatisSqlInjectionService.java:13:47:13:50 | name | MybatisSqlInjection.java:19:25:19:49 | name : String | MybatisSqlInjectionService.java:13:47:13:50 | name | MyBatis Mapper XML sql injection might include code from $@ to $@. | MybatisSqlInjection.java:19:25:19:49 | name | this user input | SqlInjectionMapper.xml:23:3:25:12 | select | this sql operation |
| MybatisSqlInjectionService.java:18:47:18:50 | name | MybatisSqlInjection.java:25:25:25:49 | name : String | MybatisSqlInjectionService.java:18:47:18:50 | name | MyBatis Mapper XML sql injection might include code from $@ to $@. | MybatisSqlInjection.java:25:25:25:49 | name | this user input | SqlInjectionMapper.xml:27:3:29:12 | select | this sql operation |


@@ -54,7 +54,7 @@ public class MybatisSqlInjection {
}
@RequestMapping(value = "msi8", method = RequestMethod.POST, produces = "application/json")
public void bad7(@RequestBody String[] params) {
public void bad8(@RequestBody String[] params) {
mybatisSqlInjectionService.bad8(params);
}
@@ -63,4 +63,10 @@ public class MybatisSqlInjection {
List<Test> result = mybatisSqlInjectionService.good1(id);
return result;
}
@GetMapping(value = "good2")
public List<Test> good2(String name) {
List<Test> result = mybatisSqlInjectionService.good2(name);
return result;
}
}
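Review bot: `good2` in the second hunk stores the service result in a local only to return it; `return mybatisSqlInjectionService.good2(name);` says the same in one line, and the identical pattern is added in `MybatisSqlInjectionService.good2` in the next file section (`return sqlInjectionMapper.good2(name);`). Unlike the `@RequestBody` parameters elsewhere in this class, `name` carries no binding annotation and so relies on Spring's default request-parameter binding; the analysis presumably still treats a `@GetMapping` handler parameter as a remote source, but an explicit `@RequestParam String name` would make the fixture read unambiguously. The enclosing class `MybatisSqlInjection` begins outside the hunk.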


@@ -48,4 +48,9 @@ public class MybatisSqlInjectionService {
List<Test> result = sqlInjectionMapper.good1(id);
return result;
}
public List<Test> good2(String name) {
List<Test> result = sqlInjectionMapper.good2(name);
return result;
}
}


@@ -25,4 +25,6 @@ public interface SqlInjectionMapper {
void bad8(String[] params);
List<Test> good1(Integer id);
List<Test> good2(String name);
}


@@ -77,4 +77,8 @@
<select id="good1" parameterType="java.lang.Integer" resultMap="BaseResultMap">
select id,name from test where id = ${id}
</select>
<select id="good2" parameterType="java.lang.String" resultMap="BaseResultMap">
select id,name from test where name = #{name}
</select>
</mapper>