Add Spring LDAP and JMXServiceURL related sinks

This commit is contained in:
Grzegorz Golawski
2020-05-03 20:51:50 +02:00
parent 0c75330e42
commit f893954ea3
18 changed files with 351 additions and 117 deletions


@@ -1,116 +1,130 @@
edges
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:16:16:16:22 | nameStr |
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:17:20:17:26 | nameStr |
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:18:29:18:35 | nameStr |
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:19:16:19:22 | nameStr |
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:20:14:20:20 | nameStr |
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:21:22:21:28 | nameStr |
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:23:16:23:19 | name |
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:24:20:24:23 | name |
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:25:29:25:32 | name |
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:26:16:26:19 | name |
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:27:14:27:17 | name |
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:28:22:28:25 | name |
| JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:35:16:35:22 | nameStr |
| JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:36:20:36:26 | nameStr |
| JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:37:16:37:22 | nameStr |
| JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:38:14:38:20 | nameStr |
| JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:39:22:39:28 | nameStr |
| JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:41:16:41:19 | name |
| JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:42:20:42:23 | name |
| JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:43:16:43:19 | name |
| JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:44:14:44:17 | name |
| JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:45:22:45:25 | name |
| JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:52:16:52:22 | nameStr |
| JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:53:20:53:26 | nameStr |
| JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:54:16:54:22 | nameStr |
| JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:55:14:55:20 | nameStr |
| JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:56:22:56:28 | nameStr |
| JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:58:16:58:19 | name |
| JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:59:20:59:23 | name |
| JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:60:16:60:19 | name |
| JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:61:14:61:17 | name |
| JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:62:22:62:25 | name |
| JndiInjection.java:65:42:65:69 | nameStr : String | JndiInjection.java:68:16:68:22 | nameStr |
| JndiInjection.java:65:42:65:69 | nameStr : String | JndiInjection.java:69:16:69:22 | nameStr |
| JndiInjection.java:72:41:72:68 | nameStr : String | JndiInjection.java:75:16:75:22 | nameStr |
| JndiInjection.java:72:41:72:68 | nameStr : String | JndiInjection.java:76:16:76:22 | nameStr |
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:22:16:22:22 | nameStr |
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:23:20:23:26 | nameStr |
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:24:29:24:35 | nameStr |
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:25:16:25:22 | nameStr |
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:26:14:26:20 | nameStr |
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:27:22:27:28 | nameStr |
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:29:16:29:19 | name |
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:30:20:30:23 | name |
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:31:29:31:32 | name |
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:32:16:32:19 | name |
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:33:14:33:17 | name |
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:34:22:34:25 | name |
| JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:41:16:41:22 | nameStr |
| JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:42:20:42:26 | nameStr |
| JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:43:16:43:22 | nameStr |
| JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:44:14:44:20 | nameStr |
| JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:45:22:45:28 | nameStr |
| JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:47:16:47:19 | name |
| JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:48:20:48:23 | name |
| JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:49:16:49:19 | name |
| JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:50:14:50:17 | name |
| JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:51:22:51:25 | name |
| JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:58:16:58:22 | nameStr |
| JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:59:20:59:26 | nameStr |
| JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:60:16:60:22 | nameStr |
| JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:61:14:61:20 | nameStr |
| JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:62:22:62:28 | nameStr |
| JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:64:16:64:19 | name |
| JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:65:20:65:23 | name |
| JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:66:16:66:19 | name |
| JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:67:14:67:17 | name |
| JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:68:22:68:25 | name |
| JndiInjection.java:71:42:71:69 | nameStr : String | JndiInjection.java:74:16:74:22 | nameStr |
| JndiInjection.java:71:42:71:69 | nameStr : String | JndiInjection.java:75:16:75:22 | nameStr |
| JndiInjection.java:78:42:78:69 | nameStr : String | JndiInjection.java:81:16:81:22 | nameStr |
| JndiInjection.java:78:42:78:69 | nameStr : String | JndiInjection.java:82:23:82:29 | nameStr |
| JndiInjection.java:85:41:85:68 | nameStr : String | JndiInjection.java:88:16:88:22 | nameStr |
| JndiInjection.java:85:41:85:68 | nameStr : String | JndiInjection.java:89:16:89:22 | nameStr |
| JndiInjection.java:92:37:92:63 | urlStr : String | JndiInjection.java:93:33:93:57 | new JMXServiceURL(...) |
| JndiInjection.java:92:37:92:63 | urlStr : String | JndiInjection.java:97:5:97:13 | connector |
nodes
| JndiInjection.java:12:38:12:65 | nameStr : String | semmle.label | nameStr : String |
| JndiInjection.java:16:16:16:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:17:20:17:26 | nameStr | semmle.label | nameStr |
| JndiInjection.java:18:29:18:35 | nameStr | semmle.label | nameStr |
| JndiInjection.java:19:16:19:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:20:14:20:20 | nameStr | semmle.label | nameStr |
| JndiInjection.java:21:22:21:28 | nameStr | semmle.label | nameStr |
| JndiInjection.java:23:16:23:19 | name | semmle.label | name |
| JndiInjection.java:24:20:24:23 | name | semmle.label | name |
| JndiInjection.java:25:29:25:32 | name | semmle.label | name |
| JndiInjection.java:26:16:26:19 | name | semmle.label | name |
| JndiInjection.java:27:14:27:17 | name | semmle.label | name |
| JndiInjection.java:28:22:28:25 | name | semmle.label | name |
| JndiInjection.java:31:41:31:68 | nameStr : String | semmle.label | nameStr : String |
| JndiInjection.java:35:16:35:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:36:20:36:26 | nameStr | semmle.label | nameStr |
| JndiInjection.java:37:16:37:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:38:14:38:20 | nameStr | semmle.label | nameStr |
| JndiInjection.java:39:22:39:28 | nameStr | semmle.label | nameStr |
| JndiInjection.java:41:16:41:19 | name | semmle.label | name |
| JndiInjection.java:42:20:42:23 | name | semmle.label | name |
| JndiInjection.java:43:16:43:19 | name | semmle.label | name |
| JndiInjection.java:44:14:44:17 | name | semmle.label | name |
| JndiInjection.java:45:22:45:25 | name | semmle.label | name |
| JndiInjection.java:48:42:48:69 | nameStr : String | semmle.label | nameStr : String |
| JndiInjection.java:52:16:52:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:53:20:53:26 | nameStr | semmle.label | nameStr |
| JndiInjection.java:54:16:54:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:55:14:55:20 | nameStr | semmle.label | nameStr |
| JndiInjection.java:56:22:56:28 | nameStr | semmle.label | nameStr |
| JndiInjection.java:58:16:58:19 | name | semmle.label | name |
| JndiInjection.java:59:20:59:23 | name | semmle.label | name |
| JndiInjection.java:60:16:60:19 | name | semmle.label | name |
| JndiInjection.java:61:14:61:17 | name | semmle.label | name |
| JndiInjection.java:62:22:62:25 | name | semmle.label | name |
| JndiInjection.java:65:42:65:69 | nameStr : String | semmle.label | nameStr : String |
| JndiInjection.java:68:16:68:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:69:16:69:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:72:41:72:68 | nameStr : String | semmle.label | nameStr : String |
| JndiInjection.java:18:38:18:65 | nameStr : String | semmle.label | nameStr : String |
| JndiInjection.java:22:16:22:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:23:20:23:26 | nameStr | semmle.label | nameStr |
| JndiInjection.java:24:29:24:35 | nameStr | semmle.label | nameStr |
| JndiInjection.java:25:16:25:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:26:14:26:20 | nameStr | semmle.label | nameStr |
| JndiInjection.java:27:22:27:28 | nameStr | semmle.label | nameStr |
| JndiInjection.java:29:16:29:19 | name | semmle.label | name |
| JndiInjection.java:30:20:30:23 | name | semmle.label | name |
| JndiInjection.java:31:29:31:32 | name | semmle.label | name |
| JndiInjection.java:32:16:32:19 | name | semmle.label | name |
| JndiInjection.java:33:14:33:17 | name | semmle.label | name |
| JndiInjection.java:34:22:34:25 | name | semmle.label | name |
| JndiInjection.java:37:41:37:68 | nameStr : String | semmle.label | nameStr : String |
| JndiInjection.java:41:16:41:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:42:20:42:26 | nameStr | semmle.label | nameStr |
| JndiInjection.java:43:16:43:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:44:14:44:20 | nameStr | semmle.label | nameStr |
| JndiInjection.java:45:22:45:28 | nameStr | semmle.label | nameStr |
| JndiInjection.java:47:16:47:19 | name | semmle.label | name |
| JndiInjection.java:48:20:48:23 | name | semmle.label | name |
| JndiInjection.java:49:16:49:19 | name | semmle.label | name |
| JndiInjection.java:50:14:50:17 | name | semmle.label | name |
| JndiInjection.java:51:22:51:25 | name | semmle.label | name |
| JndiInjection.java:54:42:54:69 | nameStr : String | semmle.label | nameStr : String |
| JndiInjection.java:58:16:58:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:59:20:59:26 | nameStr | semmle.label | nameStr |
| JndiInjection.java:60:16:60:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:61:14:61:20 | nameStr | semmle.label | nameStr |
| JndiInjection.java:62:22:62:28 | nameStr | semmle.label | nameStr |
| JndiInjection.java:64:16:64:19 | name | semmle.label | name |
| JndiInjection.java:65:20:65:23 | name | semmle.label | name |
| JndiInjection.java:66:16:66:19 | name | semmle.label | name |
| JndiInjection.java:67:14:67:17 | name | semmle.label | name |
| JndiInjection.java:68:22:68:25 | name | semmle.label | name |
| JndiInjection.java:71:42:71:69 | nameStr : String | semmle.label | nameStr : String |
| JndiInjection.java:74:16:74:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:75:16:75:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:76:16:76:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:78:42:78:69 | nameStr : String | semmle.label | nameStr : String |
| JndiInjection.java:81:16:81:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:82:23:82:29 | nameStr | semmle.label | nameStr |
| JndiInjection.java:85:41:85:68 | nameStr : String | semmle.label | nameStr : String |
| JndiInjection.java:88:16:88:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:89:16:89:22 | nameStr | semmle.label | nameStr |
| JndiInjection.java:92:37:92:63 | urlStr : String | semmle.label | urlStr : String |
| JndiInjection.java:93:33:93:57 | new JMXServiceURL(...) | semmle.label | new JMXServiceURL(...) |
| JndiInjection.java:97:5:97:13 | connector | semmle.label | connector |
#select
| JndiInjection.java:16:16:16:22 | nameStr | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:16:16:16:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
| JndiInjection.java:17:20:17:26 | nameStr | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:17:20:17:26 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
| JndiInjection.java:18:29:18:35 | nameStr | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:18:29:18:35 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
| JndiInjection.java:19:16:19:22 | nameStr | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:19:16:19:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
| JndiInjection.java:20:14:20:20 | nameStr | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:20:14:20:20 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
| JndiInjection.java:21:22:21:28 | nameStr | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:21:22:21:28 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
| JndiInjection.java:23:16:23:19 | name | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:23:16:23:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
| JndiInjection.java:24:20:24:23 | name | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:24:20:24:23 | name | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
| JndiInjection.java:25:29:25:32 | name | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:25:29:25:32 | name | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
| JndiInjection.java:26:16:26:19 | name | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:26:16:26:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
| JndiInjection.java:27:14:27:17 | name | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:27:14:27:17 | name | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
| JndiInjection.java:28:22:28:25 | name | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:28:22:28:25 | name | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
| JndiInjection.java:35:16:35:22 | nameStr | JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:35:16:35:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:31:41:31:68 | nameStr | this user input |
| JndiInjection.java:36:20:36:26 | nameStr | JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:36:20:36:26 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:31:41:31:68 | nameStr | this user input |
| JndiInjection.java:37:16:37:22 | nameStr | JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:37:16:37:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:31:41:31:68 | nameStr | this user input |
| JndiInjection.java:38:14:38:20 | nameStr | JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:38:14:38:20 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:31:41:31:68 | nameStr | this user input |
| JndiInjection.java:39:22:39:28 | nameStr | JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:39:22:39:28 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:31:41:31:68 | nameStr | this user input |
| JndiInjection.java:41:16:41:19 | name | JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:41:16:41:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:31:41:31:68 | nameStr | this user input |
| JndiInjection.java:42:20:42:23 | name | JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:42:20:42:23 | name | JNDI lookup might include name from $@. | JndiInjection.java:31:41:31:68 | nameStr | this user input |
| JndiInjection.java:43:16:43:19 | name | JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:43:16:43:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:31:41:31:68 | nameStr | this user input |
| JndiInjection.java:44:14:44:17 | name | JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:44:14:44:17 | name | JNDI lookup might include name from $@. | JndiInjection.java:31:41:31:68 | nameStr | this user input |
| JndiInjection.java:45:22:45:25 | name | JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:45:22:45:25 | name | JNDI lookup might include name from $@. | JndiInjection.java:31:41:31:68 | nameStr | this user input |
| JndiInjection.java:52:16:52:22 | nameStr | JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:52:16:52:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:48:42:48:69 | nameStr | this user input |
| JndiInjection.java:53:20:53:26 | nameStr | JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:53:20:53:26 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:48:42:48:69 | nameStr | this user input |
| JndiInjection.java:54:16:54:22 | nameStr | JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:54:16:54:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:48:42:48:69 | nameStr | this user input |
| JndiInjection.java:55:14:55:20 | nameStr | JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:55:14:55:20 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:48:42:48:69 | nameStr | this user input |
| JndiInjection.java:56:22:56:28 | nameStr | JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:56:22:56:28 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:48:42:48:69 | nameStr | this user input |
| JndiInjection.java:58:16:58:19 | name | JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:58:16:58:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:48:42:48:69 | nameStr | this user input |
| JndiInjection.java:59:20:59:23 | name | JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:59:20:59:23 | name | JNDI lookup might include name from $@. | JndiInjection.java:48:42:48:69 | nameStr | this user input |
| JndiInjection.java:60:16:60:19 | name | JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:60:16:60:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:48:42:48:69 | nameStr | this user input |
| JndiInjection.java:61:14:61:17 | name | JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:61:14:61:17 | name | JNDI lookup might include name from $@. | JndiInjection.java:48:42:48:69 | nameStr | this user input |
| JndiInjection.java:62:22:62:25 | name | JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:62:22:62:25 | name | JNDI lookup might include name from $@. | JndiInjection.java:48:42:48:69 | nameStr | this user input |
| JndiInjection.java:68:16:68:22 | nameStr | JndiInjection.java:65:42:65:69 | nameStr : String | JndiInjection.java:68:16:68:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:65:42:65:69 | nameStr | this user input |
| JndiInjection.java:69:16:69:22 | nameStr | JndiInjection.java:65:42:65:69 | nameStr : String | JndiInjection.java:69:16:69:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:65:42:65:69 | nameStr | this user input |
| JndiInjection.java:75:16:75:22 | nameStr | JndiInjection.java:72:41:72:68 | nameStr : String | JndiInjection.java:75:16:75:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:72:41:72:68 | nameStr | this user input |
| JndiInjection.java:76:16:76:22 | nameStr | JndiInjection.java:72:41:72:68 | nameStr : String | JndiInjection.java:76:16:76:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:72:41:72:68 | nameStr | this user input |
| JndiInjection.java:22:16:22:22 | nameStr | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:22:16:22:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
| JndiInjection.java:23:20:23:26 | nameStr | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:23:20:23:26 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
| JndiInjection.java:24:29:24:35 | nameStr | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:24:29:24:35 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
| JndiInjection.java:25:16:25:22 | nameStr | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:25:16:25:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
| JndiInjection.java:26:14:26:20 | nameStr | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:26:14:26:20 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
| JndiInjection.java:27:22:27:28 | nameStr | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:27:22:27:28 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
| JndiInjection.java:29:16:29:19 | name | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:29:16:29:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
| JndiInjection.java:30:20:30:23 | name | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:30:20:30:23 | name | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
| JndiInjection.java:31:29:31:32 | name | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:31:29:31:32 | name | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
| JndiInjection.java:32:16:32:19 | name | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:32:16:32:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
| JndiInjection.java:33:14:33:17 | name | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:33:14:33:17 | name | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
| JndiInjection.java:34:22:34:25 | name | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:34:22:34:25 | name | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
| JndiInjection.java:41:16:41:22 | nameStr | JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:41:16:41:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:37:41:37:68 | nameStr | this user input |
| JndiInjection.java:42:20:42:26 | nameStr | JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:42:20:42:26 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:37:41:37:68 | nameStr | this user input |
| JndiInjection.java:43:16:43:22 | nameStr | JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:43:16:43:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:37:41:37:68 | nameStr | this user input |
| JndiInjection.java:44:14:44:20 | nameStr | JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:44:14:44:20 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:37:41:37:68 | nameStr | this user input |
| JndiInjection.java:45:22:45:28 | nameStr | JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:45:22:45:28 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:37:41:37:68 | nameStr | this user input |
| JndiInjection.java:47:16:47:19 | name | JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:47:16:47:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:37:41:37:68 | nameStr | this user input |
| JndiInjection.java:48:20:48:23 | name | JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:48:20:48:23 | name | JNDI lookup might include name from $@. | JndiInjection.java:37:41:37:68 | nameStr | this user input |
| JndiInjection.java:49:16:49:19 | name | JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:49:16:49:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:37:41:37:68 | nameStr | this user input |
| JndiInjection.java:50:14:50:17 | name | JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:50:14:50:17 | name | JNDI lookup might include name from $@. | JndiInjection.java:37:41:37:68 | nameStr | this user input |
| JndiInjection.java:51:22:51:25 | name | JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:51:22:51:25 | name | JNDI lookup might include name from $@. | JndiInjection.java:37:41:37:68 | nameStr | this user input |
| JndiInjection.java:58:16:58:22 | nameStr | JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:58:16:58:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:54:42:54:69 | nameStr | this user input |
| JndiInjection.java:59:20:59:26 | nameStr | JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:59:20:59:26 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:54:42:54:69 | nameStr | this user input |
| JndiInjection.java:60:16:60:22 | nameStr | JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:60:16:60:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:54:42:54:69 | nameStr | this user input |
| JndiInjection.java:61:14:61:20 | nameStr | JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:61:14:61:20 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:54:42:54:69 | nameStr | this user input |
| JndiInjection.java:62:22:62:28 | nameStr | JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:62:22:62:28 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:54:42:54:69 | nameStr | this user input |
| JndiInjection.java:64:16:64:19 | name | JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:64:16:64:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:54:42:54:69 | nameStr | this user input |
| JndiInjection.java:65:20:65:23 | name | JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:65:20:65:23 | name | JNDI lookup might include name from $@. | JndiInjection.java:54:42:54:69 | nameStr | this user input |
| JndiInjection.java:66:16:66:19 | name | JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:66:16:66:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:54:42:54:69 | nameStr | this user input |
| JndiInjection.java:67:14:67:17 | name | JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:67:14:67:17 | name | JNDI lookup might include name from $@. | JndiInjection.java:54:42:54:69 | nameStr | this user input |
| JndiInjection.java:68:22:68:25 | name | JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:68:22:68:25 | name | JNDI lookup might include name from $@. | JndiInjection.java:54:42:54:69 | nameStr | this user input |
| JndiInjection.java:74:16:74:22 | nameStr | JndiInjection.java:71:42:71:69 | nameStr : String | JndiInjection.java:74:16:74:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:71:42:71:69 | nameStr | this user input |
| JndiInjection.java:75:16:75:22 | nameStr | JndiInjection.java:71:42:71:69 | nameStr : String | JndiInjection.java:75:16:75:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:71:42:71:69 | nameStr | this user input |
| JndiInjection.java:81:16:81:22 | nameStr | JndiInjection.java:78:42:78:69 | nameStr : String | JndiInjection.java:81:16:81:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:78:42:78:69 | nameStr | this user input |
| JndiInjection.java:82:23:82:29 | nameStr | JndiInjection.java:78:42:78:69 | nameStr : String | JndiInjection.java:82:23:82:29 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:78:42:78:69 | nameStr | this user input |
| JndiInjection.java:88:16:88:22 | nameStr | JndiInjection.java:85:41:85:68 | nameStr : String | JndiInjection.java:88:16:88:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:85:41:85:68 | nameStr | this user input |
| JndiInjection.java:89:16:89:22 | nameStr | JndiInjection.java:85:41:85:68 | nameStr : String | JndiInjection.java:89:16:89:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:85:41:85:68 | nameStr | this user input |
| JndiInjection.java:93:33:93:57 | new JMXServiceURL(...) | JndiInjection.java:92:37:92:63 | urlStr : String | JndiInjection.java:93:33:93:57 | new JMXServiceURL(...) | JNDI lookup might include name from $@. | JndiInjection.java:92:37:92:63 | urlStr | this user input |
| JndiInjection.java:97:5:97:13 | connector | JndiInjection.java:92:37:92:63 | urlStr : String | JndiInjection.java:97:5:97:13 | connector | JNDI lookup might include name from $@. | JndiInjection.java:92:37:92:63 | urlStr | this user input |


@@ -1,3 +1,8 @@
import java.io.IOException;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;
import javax.naming.CompositeName;
import javax.naming.InitialContext;
import javax.naming.Name;
@@ -6,6 +11,7 @@ import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.InitialLdapContext;
import org.springframework.jndi.JndiTemplate;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.web.bind.annotation.RequestParam;
public class JndiInjection {
@@ -69,10 +75,25 @@ public class JndiInjection {
ctx.lookup(nameStr, null);
}
public void testSpringLdapTemplateBad1(@RequestParam String nameStr) throws NamingException {
LdapTemplate ctx = new LdapTemplate();
ctx.lookup(nameStr);
ctx.lookupContext(nameStr);
}
public void testShiroJndiTemplateBad1(@RequestParam String nameStr) throws NamingException {
org.apache.shiro.jndi.JndiTemplate ctx = new org.apache.shiro.jndi.JndiTemplate();
ctx.lookup(nameStr);
ctx.lookup(nameStr, null);
}
public void testJMXServiceUrlBad1(@RequestParam String urlStr) throws IOException {
JMXConnectorFactory.connect(new JMXServiceURL(urlStr));
JMXServiceURL url = new JMXServiceURL(urlStr);
JMXConnector connector = JMXConnectorFactory.newJMXConnector(url, null);
connector.connect();
}
}
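Review bot: testSpringLdapTemplateBad1 only exercises the `String dn` overloads of `LdapTemplate.lookup` and `lookupContext`, and the LdapTemplate.java stub added further down in this commit declares no other overloads, so the new sink model is never checked against the `lookup(Name)`/`lookupContext(Name)` forms that the real Spring LDAP `LdapTemplate` also provides. The javax.naming cases earlier in this file cover both the `nameStr` and `name` variants, and the Spring LDAP case should follow the same pattern with a stub overload and a second call such as `ctx.lookup(new CompositeName(nameStr));`. The `throws NamingException` on that method is presumably javax.naming's checked exception; Spring LDAP's `LdapTemplate` reports failures through its own unchecked `org.springframework.ldap.NamingException`, so the clause is misleading and can be dropped. A one-line comment per new method naming the sink under test, e.g. `// sink: LdapTemplate.lookup(String) / lookupContext(String)` and `// sink: JMXConnectorFactory.connect(JMXServiceURL) / JMXConnector.connect()`, would make the expected-output rows easier to map back to the calls.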


@@ -1 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/shiro-core-1.5.2
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/shiro-core-1.5.2:${testdir}/../../../stubs/spring-ldap-2.3.2


@@ -0,0 +1,4 @@
package org.springframework.ldap.core;
public interface ContextMapper<T> {
}


@@ -0,0 +1,4 @@
package org.springframework.ldap.core;
public interface DirContextOperations {
}


@@ -0,0 +1,32 @@
package org.springframework.ldap.core;
import java.util.*;
import javax.naming.Name;
import javax.naming.directory.SearchControls;
import org.springframework.ldap.filter.Filter;
import org.springframework.ldap.query.LdapQuery;
public class LdapTemplate {
public void authenticate(LdapQuery query, String password) { }
public boolean authenticate(Name base, String filter, String password) { return true; }
public <T> List<T> find(Name base, Filter filter, SearchControls searchControls, final Class<T> clazz) { return null; }
public <T> List<T> find(LdapQuery query, Class<T> clazz) { return null; }
public <T> T findOne(LdapQuery query, Class<T> clazz) { return null; }
public void search(String base, String filter, int searchScope, boolean returningObjFlag, NameClassPairCallbackHandler handler) { }
public DirContextOperations searchForContext(LdapQuery query) { return null; }
public <T> T searchForObject(Name base, String filter, ContextMapper<T> mapper) { return null; }
public Object lookup(final String dn) { return new Object(); }
public DirContextOperations lookupContext(String dn) { return null; }
}
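Review bot: `lookup` is the only method in this stub that returns a live object (`return new Object();`) and the only one with a `final` parameter, while every other method returns `null` or `true` with plain parameters; `public Object lookup(String dn) { return null; }` would keep the stub uniform. Whether the find/search/authenticate/searchForObject signatures are exercised by a test elsewhere in this commit cannot be seen from here; if they are not, they are dead stub surface that will silently drift from the real API.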


@@ -0,0 +1,3 @@
package org.springframework.ldap.core;
public interface NameClassPairCallbackHandler { }


@@ -0,0 +1,5 @@
package org.springframework.ldap.filter;
public class EqualsFilter implements Filter {
public EqualsFilter(String attribute, String value) { }
}


@@ -0,0 +1,4 @@
package org.springframework.ldap.filter;
public interface Filter {
}


@@ -0,0 +1,7 @@
package org.springframework.ldap.filter;
public class HardcodedFilter implements Filter {
public HardcodedFilter(String filter) { }
public StringBuffer encode(StringBuffer buff) { return buff; }
public String toString() { return ""; }
}


@@ -0,0 +1,5 @@
package org.springframework.ldap.query;
public interface ConditionCriteria {
ContainerCriteria is(String value);
}


@@ -0,0 +1,4 @@
package org.springframework.ldap.query;
public interface ContainerCriteria extends LdapQuery {
}


@@ -0,0 +1,4 @@
package org.springframework.ldap.query;
public interface LdapQuery {
}


@@ -0,0 +1,14 @@
package org.springframework.ldap.query;
import javax.naming.Name;
import org.springframework.ldap.filter.Filter;
public class LdapQueryBuilder {
public static LdapQueryBuilder query() { return null; }
public LdapQuery filter(String hardcodedFilter) { return null; }
public LdapQuery filter(Filter filter) { return null; }
public LdapQuery filter(String filterFormat, Object... params) { return null; }
public LdapQueryBuilder base(String baseDn) { return this; }
public Name base() { return null; }
public ConditionCriteria where(String attribute) { return null; }
}


@@ -0,0 +1,5 @@
package org.springframework.ldap.support;
public class LdapEncoder {
public static String filterEncode(String value) { return null; }
}


@@ -0,0 +1,12 @@
package org.springframework.ldap.support;
import javax.naming.ldap.LdapName;
public class LdapNameBuilder {
public static LdapNameBuilder newInstance() { return null; }
public static LdapNameBuilder newInstance(String name) { return null; }
public LdapNameBuilder add(String name) { return null; }
public LdapNameBuilder add(String key, Object value) { return null; }
public LdapName build() { return null; }
}


@@ -0,0 +1,7 @@
package org.springframework.ldap.support;
import javax.naming.ldap.LdapName;
public class LdapUtils {
public static LdapName newLdapName(String distinguishedName) { return null; }
}