Fix bad models, add tests for those

2026-04-28 02:05:14 +02:00 · 2022-09-09 10:08:52 +02:00
parent 6413de6c20
commit d748fb5648
3 changed files with 7 additions and 3 deletions
--- a/java/ql/test/query-tests/security/CWE-094/VelocitySSTI.java
+++ b/java/ql/test/query-tests/security/CWE-094/VelocitySSTI.java
@@ -86,6 +86,10 @@ public class VelocitySSTI {
 		StringWriter w = new StringWriter();
 		VelocityEngine engine = null;
 		engine.mergeTemplate("testtemplate.vm", "UTF-8", context, w); // $hasTemplateInjection
+		AbstractContext ctx = null;
+		ctx.put("key", code);
+		engine.evaluate(ctx, null, null, null); // $hasTemplateInjection
+		engine.evaluate(null, null, null, code); // $hasTemplateInjection
 	}

 	@GetMapping(value = "bad6")