Draft of tests for RmiUnsafeDeserialization.ql

2026-04-30 11:15:13 +02:00 · 2021-04-15 16:18:39 +03:00
parent efa4b4f414
commit ec6186a1c5
3 changed files with 25 additions and 0 deletions
--- a/java/ql/test/experimental/query-tests/security/CWE-502/RmiUnsafeDeserialization.expected
+++ b/java/ql/test/experimental/query-tests/security/CWE-502/RmiUnsafeDeserialization.expected
--- a/java/ql/test/experimental/query-tests/security/CWE-502/RmiUnsafeDeserialization.java
+++ b/java/ql/test/experimental/query-tests/security/CWE-502/RmiUnsafeDeserialization.java
@@ -0,0 +1,24 @@
+import java.rmi.Naming;
+import java.rmi.Remote;
+import java.rmi.RemoteException;
+import java.rmi.registry.LocateRegistry;
+import java.rmi.registry.Registry;
+
+public class RmiUnsafeDeserialization {
+    
+    // BAD (bind a remote object that has a vulnerable method that takes Object)
+    public static void testRegistryBindWithObjectParameter() throws Exception {
+        Registry registry = LocateRegistry.createRegistry(1099);
+        registry.bind("test", new RemoteObjectWithObject());
+    }
+}
+
+interface RemoteObjectWithObjectInterface extends Remote {
+
+    void take(Object obj) throws RemoteException;
+}
+
+class RemoteObjectWithObject implements RemoteObjectWithObjectInterface {
+
+    public void take(Object obj) throws RemoteException {}
+}
--- a/java/ql/test/experimental/query-tests/security/CWE-502/RmiUnsafeDeserialization.qlref
+++ b/java/ql/test/experimental/query-tests/security/CWE-502/RmiUnsafeDeserialization.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-502/RmiUnsafeDeserialization.ql
				`@@ -0,0 +1 @@`
				`experimental/Security/CWE/CWE-502/RmiUnsafeDeserialization.ql`