Merge pull request #3141 from pwntester/InsecureBeanValidation

Insecure Bean Validation query
2026-04-27 17:55:19 +02:00 · 2020-10-28 12:04:12 +01:00
parent 7c3964a388 34ae6e0576
commit f3e2bd0fd9
12 changed files with 414 additions and 0 deletions
--- a/java/ql/test/stubs/validation-api-2.0.1.Final/javax/validation/ClockProvider.java
+++ b/java/ql/test/stubs/validation-api-2.0.1.Final/javax/validation/ClockProvider.java
@@ -0,0 +1,8 @@
+package javax.validation;
+
+import java.time.Clock;
+
+public interface ClockProvider {
+
+	Clock getClock();
+}
--- a/java/ql/test/stubs/validation-api-2.0.1.Final/javax/validation/ConstraintValidator.java
+++ b/java/ql/test/stubs/validation-api-2.0.1.Final/javax/validation/ConstraintValidator.java
@@ -0,0 +1,8 @@
+package javax.validation;
+
+import java.lang.annotation.Annotation;
+
+public interface ConstraintValidator<A extends Annotation, T> {
+	default void initialize(A constraintAnnotation) {}
+	boolean isValid(T value, ConstraintValidatorContext context);
+}
--- a/java/ql/test/stubs/validation-api-2.0.1.Final/javax/validation/ConstraintValidatorContext.java
+++ b/java/ql/test/stubs/validation-api-2.0.1.Final/javax/validation/ConstraintValidatorContext.java
@@ -0,0 +1,212 @@
+package javax.validation;
+
+import java.time.Clock;
+
+public interface ConstraintValidatorContext {
+
+	
+	void disableDefaultConstraintViolation();
+
+	
+	String getDefaultConstraintMessageTemplate();
+
+	
+	ClockProvider getClockProvider();
+
+	
+	ConstraintViolationBuilder buildConstraintViolationWithTemplate(String messageTemplate);
+
+	
+	<T> T unwrap(Class<T> type);
+
+	
+	interface ConstraintViolationBuilder {
+
+		
+		NodeBuilderDefinedContext addNode(String name);
+
+		
+		NodeBuilderCustomizableContext addPropertyNode(String name);
+
+		
+		LeafNodeBuilderCustomizableContext addBeanNode();
+
+		
+		ContainerElementNodeBuilderCustomizableContext addContainerElementNode(String name,
+				Class<?> containerType, Integer typeArgumentIndex);
+
+		
+		NodeBuilderDefinedContext addParameterNode(int index);
+
+		
+		ConstraintValidatorContext addConstraintViolation();
+
+		
+		interface LeafNodeBuilderDefinedContext {
+
+			
+			ConstraintValidatorContext addConstraintViolation();
+		}
+
+		
+		interface LeafNodeBuilderCustomizableContext {
+
+			
+			LeafNodeContextBuilder inIterable();
+
+			
+			LeafNodeBuilderCustomizableContext inContainer(Class<?> containerClass,
+														   Integer typeArgumentIndex);
+
+			
+			ConstraintValidatorContext addConstraintViolation();
+		}
+
+		
+		interface LeafNodeContextBuilder {
+
+			
+			LeafNodeBuilderDefinedContext atKey(Object key);
+
+			
+			LeafNodeBuilderDefinedContext atIndex(Integer index);
+
+			
+			ConstraintValidatorContext addConstraintViolation();
+		}
+
+		
+		interface NodeBuilderDefinedContext {
+
+			
+			NodeBuilderCustomizableContext addNode(String name);
+
+			
+			NodeBuilderCustomizableContext addPropertyNode(String name);
+
+			
+			LeafNodeBuilderCustomizableContext addBeanNode();
+
+			
+			ContainerElementNodeBuilderCustomizableContext addContainerElementNode(
+					String name, Class<?> containerType, Integer typeArgumentIndex);
+
+			
+			ConstraintValidatorContext addConstraintViolation();
+		}
+
+		
+		interface NodeBuilderCustomizableContext {
+
+			
+			NodeContextBuilder inIterable();
+
+			
+			NodeBuilderCustomizableContext inContainer(Class<?> containerClass,
+													   Integer typeArgumentIndex);
+
+			
+			NodeBuilderCustomizableContext addNode(String name);
+
+			
+			NodeBuilderCustomizableContext addPropertyNode(String name);
+
+			
+			LeafNodeBuilderCustomizableContext addBeanNode();
+
+			
+			ContainerElementNodeBuilderCustomizableContext addContainerElementNode(
+					String name, Class<?> containerType, Integer typeArgumentIndex);
+
+			
+			ConstraintValidatorContext addConstraintViolation();
+		}
+
+		
+		interface NodeContextBuilder {
+
+			
+			NodeBuilderDefinedContext atKey(Object key);
+
+			
+			NodeBuilderDefinedContext atIndex(Integer index);
+
+			
+			NodeBuilderCustomizableContext addNode(String name);
+
+			
+			NodeBuilderCustomizableContext addPropertyNode(String name);
+
+			
+			LeafNodeBuilderCustomizableContext addBeanNode();
+
+			
+			ContainerElementNodeBuilderCustomizableContext addContainerElementNode(
+					String name, Class<?> containerType, Integer typeArgumentIndex);
+
+			
+			ConstraintValidatorContext addConstraintViolation();
+		}
+
+		
+		interface ContainerElementNodeBuilderDefinedContext {
+
+			
+			NodeBuilderCustomizableContext addPropertyNode(String name);
+
+			
+			LeafNodeBuilderCustomizableContext addBeanNode();
+
+			
+			ContainerElementNodeBuilderCustomizableContext addContainerElementNode(
+					String name, Class<?> containerType, Integer typeArgumentIndex);
+
+			
+			ConstraintValidatorContext addConstraintViolation();
+		}
+
+		
+		interface ContainerElementNodeBuilderCustomizableContext {
+
+			
+			ContainerElementNodeContextBuilder inIterable();
+
+			
+			NodeBuilderCustomizableContext addPropertyNode(String name);
+
+			
+			LeafNodeBuilderCustomizableContext addBeanNode();
+
+			
+			ContainerElementNodeBuilderCustomizableContext addContainerElementNode(
+					String name, Class<?> containerType, Integer typeArgumentIndex);
+
+			
+			ConstraintValidatorContext addConstraintViolation();
+		}
+
+		
+		interface ContainerElementNodeContextBuilder {
+
+			
+			ContainerElementNodeBuilderDefinedContext atKey(Object key);
+
+			
+			ContainerElementNodeBuilderDefinedContext atIndex(Integer index);
+
+			
+			NodeBuilderCustomizableContext addPropertyNode(String name);
+
+			
+			LeafNodeBuilderCustomizableContext addBeanNode();
+
+			
+			ContainerElementNodeBuilderCustomizableContext addContainerElementNode(
+					String name, Class<?> containerType, Integer typeArgumentIndex);
+
+			
+			ConstraintValidatorContext addConstraintViolation();
+		}
+	}
+}
+