diff --git a/java/ql/test/query-tests/security/CWE-918/ApacheHttpClientExecuteSSRF.java b/java/ql/test/query-tests/security/CWE-918/ApacheHttpClientExecuteSSRF.java
index 05d38b2b5dd..6afba48ddb7 100644
--- a/java/ql/test/query-tests/security/CWE-918/ApacheHttpClientExecuteSSRF.java
+++ b/java/ql/test/query-tests/security/CWE-918/ApacheHttpClientExecuteSSRF.java
@@ -1,11 +1,18 @@
 import java.io.IOException;
+import java.net.URI;
+import org.apache.http.Header;
+import org.apache.http.HeaderIterator;
 import org.apache.http.HttpHost;
 import org.apache.http.HttpRequest;
+import org.apache.http.HttpResponse;
+import org.apache.http.ProtocolVersion;
+import org.apache.http.RequestLine;
 import org.apache.http.client.HttpClient;
 import org.apache.http.client.ResponseHandler;
 import org.apache.http.client.methods.HttpUriRequest;
 import org.apache.http.message.BasicHttpRequest;
+import org.apache.http.params.HttpParams;
 import org.apache.http.protocol.HttpContext;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
@@ -22,9 +29,154 @@ public class ApacheHttpClientExecuteSSRF extends HttpServlet {
 HttpHost host = new HttpHost(sink);
 HttpRequest req = new BasicHttpRequest("GET", "/");
- HttpUriRequest uriReq = (HttpUriRequest) (Object) sink;
+ HttpUriRequest uriReq = new HttpUriRequest() {
+ @Override
+ public String getMethod() {
+ return "GET";
+ }
+
+ @Override
+ public URI getURI() {
+ return URI.create("https://" + sink);
+ }
+
+ @Override
+ public void abort() throws UnsupportedOperationException {
+ }
+
+ @Override
+ public boolean isAborted() {
+ return false;
+ }
+
+ @Override
+ public RequestLine getRequestLine() {
+ return null;
+ }
+
+ @Override
+ public ProtocolVersion getProtocolVersion() {
+ return null;
+ }
+
+ @Override
+ public boolean containsHeader(String name) {
+ return false;
+ }
+
+ @Override
+ public Header[] getHeaders(String name) {
+ return null;
+ }
+
+ @Override
+ public Header getFirstHeader(String name) {
+ return null;
+ }
+
+ @Override
+ public Header getLastHeader(String name) {
+ return null;
+ }
+
+ @Override
+ public Header[] getAllHeaders() {
+ return null;
+ }
+
+ @Override
+ public void addHeader(Header header) {
+ }
+
+ @Override
+ public void addHeader(String name, String value) {
+ }
+
+ @Override
+ public void setHeader(Header header) {
+ }
+
+ @Override
+ public void setHeader(String name, String value) {
+ }
+
+ @Override
+ public void setHeaders(Header[] headers) {
+ }
+
+ @Override
+ public void removeHeader(Header header) {
+ }
+
+ @Override
+ public void removeHeaders(String name) {
+ }
+
+ @Override
+ public HeaderIterator headerIterator() {
+ return null;
+ }
+
+ @Override
+ public HeaderIterator headerIterator(String name) {
+ return null;
+ }
+
+ @Override
+ public HttpParams getParams() {
+ return null;
+ }
+
+ @Override
+ public void setParams(HttpParams params) {
+ }
+ };
 HttpContext context = null;
- HttpClient client = null;
+ HttpClient client = new HttpClient() {
+ @Override
+ public HttpResponse execute(HttpHost target, HttpRequest request) throws IOException {
+ return null;
+ }
+
+ @Override
+ public HttpResponse execute(HttpHost target, HttpRequest request, HttpContext context) throws IOException {
+ return null;
+ }
+
+ @Override
+ public  T execute(HttpHost target, HttpRequest request, ResponseHandler responseHandler)
+ throws IOException {
+ return null;
+ }
+
+ @Override
+ public  T execute(HttpHost target, HttpRequest request, ResponseHandler responseHandler,
+ HttpContext context) throws IOException {
+ return null;
+ }
+
+ @Override
+ public HttpResponse execute(HttpUriRequest request) throws IOException {
+ return null;
+ }
+
+ @Override
+ public HttpResponse execute(HttpUriRequest request, HttpContext context) throws IOException {
+ return null;
+ }
+
+ @Override
+ public  T execute(HttpUriRequest request, ResponseHandler responseHandler)
+ throws IOException {
+ return null;
+ }
+
+ @Override
+ public  T execute(HttpUriRequest request, ResponseHandler responseHandler,
+ HttpContext context) throws IOException {
+ return null;
+ }
+ };
 ResponseHandler handler = null;
 client.execute(host, req); // $ Alert
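Review bot: The anonymous `HttpUriRequest` has no comment saying which part of it the test depends on, and `getURI()` is the only override that touches `sink`. A short comment above it would help, e.g. `// The "https://" prefix fixes only the scheme; the host still comes from sink, so this URI must stay tainted.` This matters because a constant prefix that already pinned the host would presumably be treated as sanitizing by the query, so a later edit to the literal could silence the alert unnoticed. The `execute(uriReq, ...)` calls and their `// $ Alert` expectations are outside this hunk, so I can't confirm they are still annotated.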