hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: convert XPathInjection test to .qlref

Browse Source
This commit is contained in:
Nora Dimitrijević
2025-06-23 18:03:39 +02:00
parent 162b1c51a9
commit f5c7ef6ab4
4 changed files with 234 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

197
java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.expected
View File

@@ -0,0 +1,197 @@
#select
| XPathInjectionTest.java:91:24:91:33 | expression | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:91:24:91:33 | expression | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:91:24:91:33 | expression | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:91:24:91:33 | expression | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:92:34:92:43 | expression | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:92:34:92:43 | expression | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:92:34:92:43 | expression | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:92:34:92:43 | expression | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:93:23:93:82 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:93:23:93:82 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:93:23:93:82 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:93:23:93:82 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:96:28:96:37 | expression | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:96:28:96:37 | expression | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:96:28:96:37 | expression | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:96:28:96:37 | expression | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:97:38:97:47 | expression | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:97:38:97:47 | expression | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:97:38:97:47 | expression | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:97:38:97:47 | expression | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:98:27:98:86 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:98:27:98:86 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:98:27:98:86 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:98:27:98:86 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:107:23:107:27 | query | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:107:23:107:27 | query | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:107:23:107:27 | query | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:107:23:107:27 | query | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:108:27:108:31 | query | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:108:27:108:31 | query | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:108:27:108:31 | query | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:108:27:108:31 | query | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:125:31:125:90 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:125:31:125:90 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:125:31:125:90 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:125:31:125:90 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:126:30:126:89 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:126:30:126:89 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:126:30:126:89 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:126:30:126:89 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:127:59:127:93 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:127:59:127:93 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:128:35:128:94 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:128:35:128:94 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:128:35:128:94 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:128:35:128:94 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:129:26:129:85 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:129:26:129:85 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:129:26:129:85 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:129:26:129:85 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:130:32:130:91 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:130:32:130:91 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:130:32:130:91 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:130:32:130:91 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:131:26:131:85 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:131:26:131:85 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:131:26:131:85 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:131:26:131:85 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:132:30:132:89 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:132:30:132:89 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:132:30:132:89 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:132:30:132:89 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:134:26:134:85 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:134:26:134:85 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:134:26:134:85 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:134:26:134:85 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:135:26:135:85 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:135:26:135:85 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:135:26:135:85 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:135:26:135:85 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:139:34:139:93 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:139:34:139:93 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:139:34:139:93 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:139:34:139:93 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:140:32:140:91 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:140:32:140:91 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:140:32:140:91 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:140:32:140:91 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:141:38:141:97 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:141:38:141:97 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:141:38:141:97 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:141:38:141:97 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:143:38:143:97 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:143:38:143:97 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:143:38:143:97 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:143:38:143:97 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:144:36:144:95 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:144:36:144:95 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:144:36:144:95 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:144:36:144:95 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:145:42:145:101 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:145:42:145:101 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:145:42:145:101 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:145:42:145:101 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:146:36:146:95 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:146:36:146:95 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:146:36:146:95 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:146:36:146:95 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:147:52:147:111 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:147:52:147:111 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:147:52:147:111 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:147:52:147:111 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:150:39:150:98 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:150:39:150:98 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:150:39:150:98 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:150:39:150:98 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:151:37:151:96 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:151:37:151:96 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:151:37:151:96 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:151:37:151:96 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:152:43:152:102 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:152:43:152:102 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:152:43:152:102 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:152:43:152:102 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:155:33:155:92 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:155:33:155:92 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:155:33:155:92 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:155:33:155:92 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:156:37:156:96 | ... + ... | XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:156:37:156:96 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:77:23:77:50 | getParameter(...) | user-provided value |
| XPathInjectionTest.java:156:37:156:96 | ... + ... | XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:156:37:156:96 | ... + ... | XPath expression depends on a $@. | XPathInjectionTest.java:78:23:78:50 | getParameter(...) | user-provided value |
edges
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:91:24:91:33 | expression | provenance | Src:MaD:24 Sink:MaD:2 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:92:34:92:43 | expression | provenance | Src:MaD:24 Sink:MaD:3 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:93:23:93:82 | ... + ... | provenance | Src:MaD:24 Sink:MaD:1 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:96:28:96:37 | expression | provenance | Src:MaD:24 Sink:MaD:2 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:97:38:97:47 | expression | provenance | Src:MaD:24 Sink:MaD:3 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:98:27:98:86 | ... + ... | provenance | Src:MaD:24 Sink:MaD:1 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:101:19:101:22 | user : String | provenance | Src:MaD:24 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:125:31:125:90 | ... + ... | provenance | Src:MaD:24 Sink:MaD:21 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:126:30:126:89 | ... + ... | provenance | Src:MaD:24 Sink:MaD:20 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:128:35:128:94 | ... + ... | provenance | Src:MaD:24 Sink:MaD:22 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:129:26:129:85 | ... + ... | provenance | Src:MaD:24 Sink:MaD:23 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:130:32:130:91 | ... + ... | provenance | Src:MaD:24 Sink:MaD:19 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:131:26:131:85 | ... + ... | provenance | Src:MaD:24 Sink:MaD:18 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:132:30:132:89 | ... + ... | provenance | Src:MaD:24 Sink:MaD:17 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:134:26:134:85 | ... + ... | provenance | Src:MaD:24 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:135:26:135:85 | ... + ... | provenance | Src:MaD:24 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:139:34:139:93 | ... + ... | provenance | Src:MaD:24 Sink:MaD:9 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:140:32:140:91 | ... + ... | provenance | Src:MaD:24 Sink:MaD:10 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:141:38:141:97 | ... + ... | provenance | Src:MaD:24 Sink:MaD:11 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:143:38:143:97 | ... + ... | provenance | Src:MaD:24 Sink:MaD:12 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:144:36:144:95 | ... + ... | provenance | Src:MaD:24 Sink:MaD:13 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:145:42:145:101 | ... + ... | provenance | Src:MaD:24 Sink:MaD:14 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:146:36:146:95 | ... + ... | provenance | Src:MaD:24 Sink:MaD:15 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:147:52:147:111 | ... + ... | provenance | Src:MaD:24 Sink:MaD:16 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:150:39:150:98 | ... + ... | provenance | Src:MaD:24 Sink:MaD:6 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:151:37:151:96 | ... + ... | provenance | Src:MaD:24 Sink:MaD:7 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:152:43:152:102 | ... + ... | provenance | Src:MaD:24 Sink:MaD:8 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:155:33:155:92 | ... + ... | provenance | Src:MaD:24 Sink:MaD:4 |
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | XPathInjectionTest.java:156:37:156:96 | ... + ... | provenance | Src:MaD:24 Sink:MaD:5 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:91:24:91:33 | expression | provenance | Src:MaD:24 Sink:MaD:2 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:92:34:92:43 | expression | provenance | Src:MaD:24 Sink:MaD:3 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:93:23:93:82 | ... + ... | provenance | Src:MaD:24 Sink:MaD:1 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:96:28:96:37 | expression | provenance | Src:MaD:24 Sink:MaD:2 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:97:38:97:47 | expression | provenance | Src:MaD:24 Sink:MaD:3 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:98:27:98:86 | ... + ... | provenance | Src:MaD:24 Sink:MaD:1 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:103:19:103:22 | pass : String | provenance | Src:MaD:24 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:125:31:125:90 | ... + ... | provenance | Src:MaD:24 Sink:MaD:21 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:126:30:126:89 | ... + ... | provenance | Src:MaD:24 Sink:MaD:20 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:127:59:127:93 | ... + ... | provenance | Src:MaD:24 Sink:MaD:20 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:128:35:128:94 | ... + ... | provenance | Src:MaD:24 Sink:MaD:22 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:129:26:129:85 | ... + ... | provenance | Src:MaD:24 Sink:MaD:23 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:130:32:130:91 | ... + ... | provenance | Src:MaD:24 Sink:MaD:19 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:131:26:131:85 | ... + ... | provenance | Src:MaD:24 Sink:MaD:18 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:132:30:132:89 | ... + ... | provenance | Src:MaD:24 Sink:MaD:17 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:134:26:134:85 | ... + ... | provenance | Src:MaD:24 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:135:26:135:85 | ... + ... | provenance | Src:MaD:24 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:139:34:139:93 | ... + ... | provenance | Src:MaD:24 Sink:MaD:9 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:140:32:140:91 | ... + ... | provenance | Src:MaD:24 Sink:MaD:10 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:141:38:141:97 | ... + ... | provenance | Src:MaD:24 Sink:MaD:11 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:143:38:143:97 | ... + ... | provenance | Src:MaD:24 Sink:MaD:12 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:144:36:144:95 | ... + ... | provenance | Src:MaD:24 Sink:MaD:13 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:145:42:145:101 | ... + ... | provenance | Src:MaD:24 Sink:MaD:14 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:146:36:146:95 | ... + ... | provenance | Src:MaD:24 Sink:MaD:15 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:147:52:147:111 | ... + ... | provenance | Src:MaD:24 Sink:MaD:16 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:150:39:150:98 | ... + ... | provenance | Src:MaD:24 Sink:MaD:6 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:151:37:151:96 | ... + ... | provenance | Src:MaD:24 Sink:MaD:7 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:152:43:152:102 | ... + ... | provenance | Src:MaD:24 Sink:MaD:8 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:155:33:155:92 | ... + ... | provenance | Src:MaD:24 Sink:MaD:4 |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | XPathInjectionTest.java:156:37:156:96 | ... + ... | provenance | Src:MaD:24 Sink:MaD:5 |
| XPathInjectionTest.java:101:9:101:10 | sb [post update] : StringBuffer | XPathInjectionTest.java:105:24:105:25 | sb : StringBuffer | provenance | |
| XPathInjectionTest.java:101:19:101:22 | user : String | XPathInjectionTest.java:101:9:101:10 | sb [post update] : StringBuffer | provenance | MaD:25 |
| XPathInjectionTest.java:103:9:103:10 | sb [post update] : StringBuffer | XPathInjectionTest.java:105:24:105:25 | sb : StringBuffer | provenance | |
| XPathInjectionTest.java:103:19:103:22 | pass : String | XPathInjectionTest.java:103:9:103:10 | sb [post update] : StringBuffer | provenance | MaD:25 |
| XPathInjectionTest.java:105:24:105:25 | sb : StringBuffer | XPathInjectionTest.java:105:24:105:36 | toString(...) : String | provenance | MaD:26 |
| XPathInjectionTest.java:105:24:105:36 | toString(...) : String | XPathInjectionTest.java:107:23:107:27 | query | provenance | Sink:MaD:1 |
| XPathInjectionTest.java:105:24:105:36 | toString(...) : String | XPathInjectionTest.java:108:27:108:31 | query | provenance | Sink:MaD:1 |
models
| 1 | Sink: javax.xml.xpath; XPath; true; compile; ; ; Argument[0]; xpath-injection; manual |
| 2 | Sink: javax.xml.xpath; XPath; true; evaluate; ; ; Argument[0]; xpath-injection; manual |
| 3 | Sink: javax.xml.xpath; XPath; true; evaluateExpression; ; ; Argument[0]; xpath-injection; manual |
| 4 | Sink: org.dom4j.tree; AbstractNode; true; createPattern; ; ; Argument[0]; xpath-injection; manual |
| 5 | Sink: org.dom4j.tree; AbstractNode; true; createXPathFilter; ; ; Argument[0]; xpath-injection; manual |
| 6 | Sink: org.dom4j.util; ProxyDocumentFactory; true; createPattern; ; ; Argument[0]; xpath-injection; manual |
| 7 | Sink: org.dom4j.util; ProxyDocumentFactory; true; createXPath; ; ; Argument[0]; xpath-injection; manual |
| 8 | Sink: org.dom4j.util; ProxyDocumentFactory; true; createXPathFilter; ; ; Argument[0]; xpath-injection; manual |
| 9 | Sink: org.dom4j; DocumentFactory; true; createPattern; ; ; Argument[0]; xpath-injection; manual |
| 10 | Sink: org.dom4j; DocumentFactory; true; createXPath; ; ; Argument[0]; xpath-injection; manual |
| 11 | Sink: org.dom4j; DocumentFactory; true; createXPathFilter; ; ; Argument[0]; xpath-injection; manual |
| 12 | Sink: org.dom4j; DocumentHelper; false; createPattern; ; ; Argument[0]; xpath-injection; manual |
| 13 | Sink: org.dom4j; DocumentHelper; false; createXPath; ; ; Argument[0]; xpath-injection; manual |
| 14 | Sink: org.dom4j; DocumentHelper; false; createXPathFilter; ; ; Argument[0]; xpath-injection; manual |
| 15 | Sink: org.dom4j; DocumentHelper; false; selectNodes; ; ; Argument[0]; xpath-injection; manual |
| 16 | Sink: org.dom4j; DocumentHelper; false; sort; ; ; Argument[1]; xpath-injection; manual |
| 17 | Sink: org.dom4j; Node; true; createXPath; ; ; Argument[0]; xpath-injection; manual |
| 18 | Sink: org.dom4j; Node; true; matches; ; ; Argument[0]; xpath-injection; manual |
| 19 | Sink: org.dom4j; Node; true; numberValueOf; ; ; Argument[0]; xpath-injection; manual |
| 20 | Sink: org.dom4j; Node; true; selectNodes; ; ; Argument[0..1]; xpath-injection; manual |
| 21 | Sink: org.dom4j; Node; true; selectObject; ; ; Argument[0]; xpath-injection; manual |
| 22 | Sink: org.dom4j; Node; true; selectSingleNode; ; ; Argument[0]; xpath-injection; manual |
| 23 | Sink: org.dom4j; Node; true; valueOf; ; ; Argument[0]; xpath-injection; manual |
| 24 | Source: javax.servlet; ServletRequest; false; getParameter; (String); ; ReturnValue; remote; manual |
| 25 | Summary: java.lang; AbstractStringBuilder; true; append; ; ; Argument[0]; Argument[this]; taint; manual |
| 26 | Summary: java.lang; CharSequence; true; toString; ; ; Argument[this]; ReturnValue; taint; manual |
nodes
| XPathInjectionTest.java:77:23:77:50 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| XPathInjectionTest.java:78:23:78:50 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| XPathInjectionTest.java:91:24:91:33 | expression | semmle.label | expression |
| XPathInjectionTest.java:92:34:92:43 | expression | semmle.label | expression |
| XPathInjectionTest.java:93:23:93:82 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:96:28:96:37 | expression | semmle.label | expression |
| XPathInjectionTest.java:97:38:97:47 | expression | semmle.label | expression |
| XPathInjectionTest.java:98:27:98:86 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:101:9:101:10 | sb [post update] : StringBuffer | semmle.label | sb [post update] : StringBuffer |
| XPathInjectionTest.java:101:19:101:22 | user : String | semmle.label | user : String |
| XPathInjectionTest.java:103:9:103:10 | sb [post update] : StringBuffer | semmle.label | sb [post update] : StringBuffer |
| XPathInjectionTest.java:103:19:103:22 | pass : String | semmle.label | pass : String |
| XPathInjectionTest.java:105:24:105:25 | sb : StringBuffer | semmle.label | sb : StringBuffer |
| XPathInjectionTest.java:105:24:105:36 | toString(...) : String | semmle.label | toString(...) : String |
| XPathInjectionTest.java:107:23:107:27 | query | semmle.label | query |
| XPathInjectionTest.java:108:27:108:31 | query | semmle.label | query |
| XPathInjectionTest.java:125:31:125:90 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:126:30:126:89 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:127:59:127:93 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:128:35:128:94 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:129:26:129:85 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:130:32:130:91 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:131:26:131:85 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:132:30:132:89 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:134:26:134:85 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:135:26:135:85 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:139:34:139:93 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:140:32:140:91 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:141:38:141:97 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:143:38:143:97 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:144:36:144:95 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:145:42:145:101 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:146:36:146:95 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:147:52:147:111 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:150:39:150:98 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:151:37:151:96 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:152:43:152:102 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:155:33:155:92 | ... + ... | semmle.label | ... + ... |
| XPathInjectionTest.java:156:37:156:96 | ... + ... | semmle.label | ... + ... |
subpaths

66
java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.java
View File

@@ -74,8 +74,8 @@ public class XPathInjectionTest {
}
public void handle(HttpServletRequest request) throws Exception {
String user = request.getParameter("user");
String pass = request.getParameter("pass");
String user = request.getParameter("user"); // $ Source
String pass = request.getParameter("pass"); // $ Source
String expression = "/users/user[@name='" + user + "' and @pass='" + pass + "']";
final String xmlStr = "<users>" + " <user name=\"aaa\" pass=\"pass1\"></user>"
@@ -88,14 +88,14 @@ public class XPathInjectionTest {
XPathFactory factory = XPathFactory.newInstance();
XPath xpath = factory.newXPath();
xpath.evaluate(expression, doc, XPathConstants.BOOLEAN); // $hasXPathInjection
xpath.evaluateExpression(expression, xmlSource); // $hasXPathInjection
xpath.compile("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
xpath.evaluate(expression, doc, XPathConstants.BOOLEAN); // $ Alert
xpath.evaluateExpression(expression, xmlSource); // $ Alert
xpath.compile("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
XPathImplStub xpathStub = XPathImplStub.getInstance();
xpathStub.evaluate(expression, doc, XPathConstants.BOOLEAN); // $hasXPathInjection
xpathStub.evaluateExpression(expression, xmlSource); // $hasXPathInjection
xpathStub.compile("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
xpathStub.evaluate(expression, doc, XPathConstants.BOOLEAN); // $ Alert
xpathStub.evaluateExpression(expression, xmlSource); // $ Alert
xpathStub.compile("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
StringBuffer sb = new StringBuffer("/users/user[@name=");
sb.append(user);
@@ -104,8 +104,8 @@ public class XPathInjectionTest {
sb.append("']");
String query = sb.toString();
xpath.compile(query); // $hasXPathInjection
xpathStub.compile(query); // $hasXPathInjection
xpath.compile(query); // $ Alert
xpathStub.compile(query); // $ Alert
String expression4 = "/users/user[@name=$user and @pass=$pass]";
xpath.setXPathVariableResolver(v -> {
@@ -122,38 +122,38 @@ public class XPathInjectionTest {
SAXReader reader = new SAXReader();
org.dom4j.Document document = reader.read(new ByteArrayInputStream(xmlStr.getBytes()));
document.selectObject("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
document.selectNodes("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
document.selectNodes("/users/user[@name='test']", "/users/user[@pass='" + pass + "']"); // $hasXPathInjection
document.selectSingleNode("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
document.valueOf("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
document.numberValueOf("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
document.matches("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
document.createXPath("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
document.selectObject("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
document.selectNodes("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
document.selectNodes("/users/user[@name='test']", "/users/user[@pass='" + pass + "']"); // $ Alert
document.selectSingleNode("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
document.valueOf("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
document.numberValueOf("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
document.matches("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
document.createXPath("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
new DefaultXPath("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
new XPathPattern("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
new DefaultXPath("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
new XPathPattern("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
new XPathPattern(new PatternStub(user)); // $ MISSING: hasXPathInjection // Jaxen is not modeled yet
DocumentFactory docFactory = DocumentFactory.getInstance();
docFactory.createPattern("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
docFactory.createXPath("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
docFactory.createXPathFilter("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
docFactory.createPattern("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
docFactory.createXPath("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
docFactory.createXPathFilter("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
DocumentHelper.createPattern("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
DocumentHelper.createXPath("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
DocumentHelper.createXPathFilter("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
DocumentHelper.selectNodes("/users/user[@name='" + user + "' and @pass='" + pass + "']", new ArrayList<Node>()); // $hasXPathInjection
DocumentHelper.sort(new ArrayList<Node>(), "/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
DocumentHelper.createPattern("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
DocumentHelper.createXPath("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
DocumentHelper.createXPathFilter("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
DocumentHelper.selectNodes("/users/user[@name='" + user + "' and @pass='" + pass + "']", new ArrayList<Node>()); // $ Alert
DocumentHelper.sort(new ArrayList<Node>(), "/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
ProxyDocumentFactoryStub proxyDocFactory = new ProxyDocumentFactoryStub();
proxyDocFactory.createPattern("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
proxyDocFactory.createXPath("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
proxyDocFactory.createXPathFilter("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
proxyDocFactory.createPattern("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
proxyDocFactory.createXPath("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
proxyDocFactory.createXPathFilter("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
Namespace namespace = new Namespace("prefix", "http://some.uri.io");
namespace.createPattern("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
namespace.createXPathFilter("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
namespace.createPattern("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
namespace.createXPathFilter("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $ Alert
org.jaxen.SimpleVariableContext svc = new org.jaxen.SimpleVariableContext();
svc.setVariableValue("user", user);

19
java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.ql
View File

@@ -1,19 +0,0 @@
import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.security.XPathInjectionQuery
import utils.test.InlineExpectationsTest
module HasXPathInjectionTest implements TestSig {
string getARelevantTag() { result = "hasXPathInjection" }
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "hasXPathInjection" and
exists(DataFlow::Node sink | XPathInjectionFlow::flowTo(sink) |
sink.getLocation() = location and
element = sink.toString() and
value = ""
)
}
}
import MakeTest<HasXPathInjectionTest>

4
java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.qlref Normal file
View File

@@ -0,0 +1,4 @@
query: Security/CWE/CWE-643/XPathInjection.ql
postprocess:
- utils/test/PrettyPrintModels.ql
- utils/test/InlineExpectationsTestQuery.ql