hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-20 06:24:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add thymeleaf steps

Browse Source
This commit is contained in:
Tony Torralba
2022-09-12 17:01:16 +02:00
parent 79a32f1a3e
commit f412f433bf
8 changed files with 97 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
java/ql/test/query-tests/security/CWE-094/PebbleSSTI.java
View File

@@ -15,17 +15,15 @@ public class PebbleSSTI {
@GetMapping(value = "bad1")
public void bad1(HttpServletRequest request) {
String code = request.getParameter("code");
String templateName = request.getParameter("templateName");
PebbleEngine engine = new PebbleEngine.Builder().build();
// public PebbleTemplate getTemplate(String templateName)
PebbleTemplate compiledTemplate = engine.getTemplate(code); // $hasTemplateInjection
PebbleTemplate compiledTemplate = engine.getTemplate(templateName); // $hasTemplateInjection
}
@GetMapping(value = "bad2")
public void bad2(HttpServletRequest request) {
String code = request.getParameter("code");
String templateName = request.getParameter("templateName");
PebbleEngine engine = new PebbleEngine.Builder().build();
// public PebbleTemplate getLiteralTemplate(String templateName)
PebbleTemplate compiledTemplate = engine.getLiteralTemplate(code); // $hasTemplateInjection
PebbleTemplate compiledTemplate = engine.getLiteralTemplate(templateName); // $hasTemplateInjection
}
}

17
java/ql/test/query-tests/security/CWE-094/ThymeleafSSTI.java
View File

@@ -9,22 +9,29 @@ import java.io.FileWriter;
import java.io.Reader;
import java.io.StringReader;
import java.io.Writer;
import java.util.Set;
import org.thymeleaf.*;
import org.thymeleaf.context.Context;
@Controller
public class ThymeleafSSTI {
String sourceName = "sourceName";
@GetMapping(value = "bad1")
public void bad1(HttpServletRequest request) {
String code = request.getParameter("code");
Context ctx = new Context();
try {
FileWriter fw = new FileWriter(new File("as"));
TemplateEngine templateEngine = new TemplateEngine();
templateEngine.process(code, ctx, fw); // $hasTemplateInjection
templateEngine.process(code, (Set<String>) null, (Context) null); // $hasTemplateInjection
templateEngine.process(code, (Set<String>) null, (Context) null, (Writer) null); // $hasTemplateInjection
templateEngine.process(code, (Context) null); // $hasTemplateInjection
templateEngine.process(code, (Context) null, (Writer) null); // $hasTemplateInjection
templateEngine.processThrottled(code, (Set<String>) null, (Context) null); // $hasTemplateInjection
templateEngine.processThrottled(code, (Context) null); // $hasTemplateInjection
TemplateSpec spec = new TemplateSpec(code, "");
templateEngine.process(spec, (Context) null); // $hasTemplateInjection
templateEngine.process(spec, (Context) null, (Writer) null); // $hasTemplateInjection
templateEngine.processThrottled(spec, (Context) null); // $hasTemplateInjection
} catch (Exception e) {
}
}