Add Spring LDAP and JMXServiceURL related sinks
@@ -1,116 +1,130 @@
|
||||
edges
|
||||
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:16:16:16:22 | nameStr |
|
||||
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:17:20:17:26 | nameStr |
|
||||
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:18:29:18:35 | nameStr |
|
||||
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:19:16:19:22 | nameStr |
|
||||
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:20:14:20:20 | nameStr |
|
||||
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:21:22:21:28 | nameStr |
|
||||
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:23:16:23:19 | name |
|
||||
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:24:20:24:23 | name |
|
||||
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:25:29:25:32 | name |
|
||||
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:26:16:26:19 | name |
|
||||
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:27:14:27:17 | name |
|
||||
| JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:28:22:28:25 | name |
|
||||
| JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:35:16:35:22 | nameStr |
|
||||
| JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:36:20:36:26 | nameStr |
|
||||
| JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:37:16:37:22 | nameStr |
|
||||
| JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:38:14:38:20 | nameStr |
|
||||
| JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:39:22:39:28 | nameStr |
|
||||
| JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:41:16:41:19 | name |
|
||||
| JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:42:20:42:23 | name |
|
||||
| JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:43:16:43:19 | name |
|
||||
| JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:44:14:44:17 | name |
|
||||
| JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:45:22:45:25 | name |
|
||||
| JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:52:16:52:22 | nameStr |
|
||||
| JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:53:20:53:26 | nameStr |
|
||||
| JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:54:16:54:22 | nameStr |
|
||||
| JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:55:14:55:20 | nameStr |
|
||||
| JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:56:22:56:28 | nameStr |
|
||||
| JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:58:16:58:19 | name |
|
||||
| JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:59:20:59:23 | name |
|
||||
| JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:60:16:60:19 | name |
|
||||
| JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:61:14:61:17 | name |
|
||||
| JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:62:22:62:25 | name |
|
||||
| JndiInjection.java:65:42:65:69 | nameStr : String | JndiInjection.java:68:16:68:22 | nameStr |
|
||||
| JndiInjection.java:65:42:65:69 | nameStr : String | JndiInjection.java:69:16:69:22 | nameStr |
|
||||
| JndiInjection.java:72:41:72:68 | nameStr : String | JndiInjection.java:75:16:75:22 | nameStr |
|
||||
| JndiInjection.java:72:41:72:68 | nameStr : String | JndiInjection.java:76:16:76:22 | nameStr |
|
||||
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:22:16:22:22 | nameStr |
|
||||
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:23:20:23:26 | nameStr |
|
||||
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:24:29:24:35 | nameStr |
|
||||
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:25:16:25:22 | nameStr |
|
||||
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:26:14:26:20 | nameStr |
|
||||
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:27:22:27:28 | nameStr |
|
||||
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:29:16:29:19 | name |
|
||||
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:30:20:30:23 | name |
|
||||
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:31:29:31:32 | name |
|
||||
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:32:16:32:19 | name |
|
||||
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:33:14:33:17 | name |
|
||||
| JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:34:22:34:25 | name |
|
||||
| JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:41:16:41:22 | nameStr |
|
||||
| JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:42:20:42:26 | nameStr |
|
||||
| JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:43:16:43:22 | nameStr |
|
||||
| JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:44:14:44:20 | nameStr |
|
||||
| JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:45:22:45:28 | nameStr |
|
||||
| JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:47:16:47:19 | name |
|
||||
| JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:48:20:48:23 | name |
|
||||
| JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:49:16:49:19 | name |
|
||||
| JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:50:14:50:17 | name |
|
||||
| JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:51:22:51:25 | name |
|
||||
| JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:58:16:58:22 | nameStr |
|
||||
| JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:59:20:59:26 | nameStr |
|
||||
| JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:60:16:60:22 | nameStr |
|
||||
| JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:61:14:61:20 | nameStr |
|
||||
| JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:62:22:62:28 | nameStr |
|
||||
| JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:64:16:64:19 | name |
|
||||
| JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:65:20:65:23 | name |
|
||||
| JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:66:16:66:19 | name |
|
||||
| JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:67:14:67:17 | name |
|
||||
| JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:68:22:68:25 | name |
|
||||
| JndiInjection.java:71:42:71:69 | nameStr : String | JndiInjection.java:74:16:74:22 | nameStr |
|
||||
| JndiInjection.java:71:42:71:69 | nameStr : String | JndiInjection.java:75:16:75:22 | nameStr |
|
||||
| JndiInjection.java:78:42:78:69 | nameStr : String | JndiInjection.java:81:16:81:22 | nameStr |
|
||||
| JndiInjection.java:78:42:78:69 | nameStr : String | JndiInjection.java:82:23:82:29 | nameStr |
|
||||
| JndiInjection.java:85:41:85:68 | nameStr : String | JndiInjection.java:88:16:88:22 | nameStr |
|
||||
| JndiInjection.java:85:41:85:68 | nameStr : String | JndiInjection.java:89:16:89:22 | nameStr |
|
||||
| JndiInjection.java:92:37:92:63 | urlStr : String | JndiInjection.java:93:33:93:57 | new JMXServiceURL(...) |
|
||||
| JndiInjection.java:92:37:92:63 | urlStr : String | JndiInjection.java:97:5:97:13 | connector |
|
||||
nodes
|
||||
| JndiInjection.java:12:38:12:65 | nameStr : String | semmle.label | nameStr : String |
|
||||
| JndiInjection.java:16:16:16:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:17:20:17:26 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:18:29:18:35 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:19:16:19:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:20:14:20:20 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:21:22:21:28 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:23:16:23:19 | name | semmle.label | name |
|
||||
| JndiInjection.java:24:20:24:23 | name | semmle.label | name |
|
||||
| JndiInjection.java:25:29:25:32 | name | semmle.label | name |
|
||||
| JndiInjection.java:26:16:26:19 | name | semmle.label | name |
|
||||
| JndiInjection.java:27:14:27:17 | name | semmle.label | name |
|
||||
| JndiInjection.java:28:22:28:25 | name | semmle.label | name |
|
||||
| JndiInjection.java:31:41:31:68 | nameStr : String | semmle.label | nameStr : String |
|
||||
| JndiInjection.java:35:16:35:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:36:20:36:26 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:37:16:37:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:38:14:38:20 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:39:22:39:28 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:41:16:41:19 | name | semmle.label | name |
|
||||
| JndiInjection.java:42:20:42:23 | name | semmle.label | name |
|
||||
| JndiInjection.java:43:16:43:19 | name | semmle.label | name |
|
||||
| JndiInjection.java:44:14:44:17 | name | semmle.label | name |
|
||||
| JndiInjection.java:45:22:45:25 | name | semmle.label | name |
|
||||
| JndiInjection.java:48:42:48:69 | nameStr : String | semmle.label | nameStr : String |
|
||||
| JndiInjection.java:52:16:52:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:53:20:53:26 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:54:16:54:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:55:14:55:20 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:56:22:56:28 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:58:16:58:19 | name | semmle.label | name |
|
||||
| JndiInjection.java:59:20:59:23 | name | semmle.label | name |
|
||||
| JndiInjection.java:60:16:60:19 | name | semmle.label | name |
|
||||
| JndiInjection.java:61:14:61:17 | name | semmle.label | name |
|
||||
| JndiInjection.java:62:22:62:25 | name | semmle.label | name |
|
||||
| JndiInjection.java:65:42:65:69 | nameStr : String | semmle.label | nameStr : String |
|
||||
| JndiInjection.java:68:16:68:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:69:16:69:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:72:41:72:68 | nameStr : String | semmle.label | nameStr : String |
|
||||
| JndiInjection.java:18:38:18:65 | nameStr : String | semmle.label | nameStr : String |
|
||||
| JndiInjection.java:22:16:22:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:23:20:23:26 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:24:29:24:35 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:25:16:25:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:26:14:26:20 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:27:22:27:28 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:29:16:29:19 | name | semmle.label | name |
|
||||
| JndiInjection.java:30:20:30:23 | name | semmle.label | name |
|
||||
| JndiInjection.java:31:29:31:32 | name | semmle.label | name |
|
||||
| JndiInjection.java:32:16:32:19 | name | semmle.label | name |
|
||||
| JndiInjection.java:33:14:33:17 | name | semmle.label | name |
|
||||
| JndiInjection.java:34:22:34:25 | name | semmle.label | name |
|
||||
| JndiInjection.java:37:41:37:68 | nameStr : String | semmle.label | nameStr : String |
|
||||
| JndiInjection.java:41:16:41:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:42:20:42:26 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:43:16:43:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:44:14:44:20 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:45:22:45:28 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:47:16:47:19 | name | semmle.label | name |
|
||||
| JndiInjection.java:48:20:48:23 | name | semmle.label | name |
|
||||
| JndiInjection.java:49:16:49:19 | name | semmle.label | name |
|
||||
| JndiInjection.java:50:14:50:17 | name | semmle.label | name |
|
||||
| JndiInjection.java:51:22:51:25 | name | semmle.label | name |
|
||||
| JndiInjection.java:54:42:54:69 | nameStr : String | semmle.label | nameStr : String |
|
||||
| JndiInjection.java:58:16:58:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:59:20:59:26 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:60:16:60:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:61:14:61:20 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:62:22:62:28 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:64:16:64:19 | name | semmle.label | name |
|
||||
| JndiInjection.java:65:20:65:23 | name | semmle.label | name |
|
||||
| JndiInjection.java:66:16:66:19 | name | semmle.label | name |
|
||||
| JndiInjection.java:67:14:67:17 | name | semmle.label | name |
|
||||
| JndiInjection.java:68:22:68:25 | name | semmle.label | name |
|
||||
| JndiInjection.java:71:42:71:69 | nameStr : String | semmle.label | nameStr : String |
|
||||
| JndiInjection.java:74:16:74:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:75:16:75:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:76:16:76:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:78:42:78:69 | nameStr : String | semmle.label | nameStr : String |
|
||||
| JndiInjection.java:81:16:81:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:82:23:82:29 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:85:41:85:68 | nameStr : String | semmle.label | nameStr : String |
|
||||
| JndiInjection.java:88:16:88:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:89:16:89:22 | nameStr | semmle.label | nameStr |
|
||||
| JndiInjection.java:92:37:92:63 | urlStr : String | semmle.label | urlStr : String |
|
||||
| JndiInjection.java:93:33:93:57 | new JMXServiceURL(...) | semmle.label | new JMXServiceURL(...) |
|
||||
| JndiInjection.java:97:5:97:13 | connector | semmle.label | connector |
|
||||
#select
|
||||
| JndiInjection.java:16:16:16:22 | nameStr | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:16:16:16:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
|
||||
| JndiInjection.java:17:20:17:26 | nameStr | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:17:20:17:26 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
|
||||
| JndiInjection.java:18:29:18:35 | nameStr | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:18:29:18:35 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
|
||||
| JndiInjection.java:19:16:19:22 | nameStr | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:19:16:19:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
|
||||
| JndiInjection.java:20:14:20:20 | nameStr | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:20:14:20:20 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
|
||||
| JndiInjection.java:21:22:21:28 | nameStr | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:21:22:21:28 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
|
||||
| JndiInjection.java:23:16:23:19 | name | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:23:16:23:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
|
||||
| JndiInjection.java:24:20:24:23 | name | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:24:20:24:23 | name | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
|
||||
| JndiInjection.java:25:29:25:32 | name | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:25:29:25:32 | name | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
|
||||
| JndiInjection.java:26:16:26:19 | name | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:26:16:26:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
|
||||
| JndiInjection.java:27:14:27:17 | name | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:27:14:27:17 | name | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
|
||||
| JndiInjection.java:28:22:28:25 | name | JndiInjection.java:12:38:12:65 | nameStr : String | JndiInjection.java:28:22:28:25 | name | JNDI lookup might include name from $@. | JndiInjection.java:12:38:12:65 | nameStr | this user input |
|
||||
| JndiInjection.java:35:16:35:22 | nameStr | JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:35:16:35:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:31:41:31:68 | nameStr | this user input |
|
||||
| JndiInjection.java:36:20:36:26 | nameStr | JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:36:20:36:26 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:31:41:31:68 | nameStr | this user input |
|
||||
| JndiInjection.java:37:16:37:22 | nameStr | JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:37:16:37:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:31:41:31:68 | nameStr | this user input |
|
||||
| JndiInjection.java:38:14:38:20 | nameStr | JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:38:14:38:20 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:31:41:31:68 | nameStr | this user input |
|
||||
| JndiInjection.java:39:22:39:28 | nameStr | JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:39:22:39:28 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:31:41:31:68 | nameStr | this user input |
|
||||
| JndiInjection.java:41:16:41:19 | name | JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:41:16:41:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:31:41:31:68 | nameStr | this user input |
|
||||
| JndiInjection.java:42:20:42:23 | name | JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:42:20:42:23 | name | JNDI lookup might include name from $@. | JndiInjection.java:31:41:31:68 | nameStr | this user input |
|
||||
| JndiInjection.java:43:16:43:19 | name | JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:43:16:43:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:31:41:31:68 | nameStr | this user input |
|
||||
| JndiInjection.java:44:14:44:17 | name | JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:44:14:44:17 | name | JNDI lookup might include name from $@. | JndiInjection.java:31:41:31:68 | nameStr | this user input |
|
||||
| JndiInjection.java:45:22:45:25 | name | JndiInjection.java:31:41:31:68 | nameStr : String | JndiInjection.java:45:22:45:25 | name | JNDI lookup might include name from $@. | JndiInjection.java:31:41:31:68 | nameStr | this user input |
|
||||
| JndiInjection.java:52:16:52:22 | nameStr | JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:52:16:52:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:48:42:48:69 | nameStr | this user input |
|
||||
| JndiInjection.java:53:20:53:26 | nameStr | JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:53:20:53:26 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:48:42:48:69 | nameStr | this user input |
|
||||
| JndiInjection.java:54:16:54:22 | nameStr | JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:54:16:54:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:48:42:48:69 | nameStr | this user input |
|
||||
| JndiInjection.java:55:14:55:20 | nameStr | JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:55:14:55:20 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:48:42:48:69 | nameStr | this user input |
|
||||
| JndiInjection.java:56:22:56:28 | nameStr | JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:56:22:56:28 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:48:42:48:69 | nameStr | this user input |
|
||||
| JndiInjection.java:58:16:58:19 | name | JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:58:16:58:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:48:42:48:69 | nameStr | this user input |
|
||||
| JndiInjection.java:59:20:59:23 | name | JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:59:20:59:23 | name | JNDI lookup might include name from $@. | JndiInjection.java:48:42:48:69 | nameStr | this user input |
|
||||
| JndiInjection.java:60:16:60:19 | name | JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:60:16:60:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:48:42:48:69 | nameStr | this user input |
|
||||
| JndiInjection.java:61:14:61:17 | name | JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:61:14:61:17 | name | JNDI lookup might include name from $@. | JndiInjection.java:48:42:48:69 | nameStr | this user input |
|
||||
| JndiInjection.java:62:22:62:25 | name | JndiInjection.java:48:42:48:69 | nameStr : String | JndiInjection.java:62:22:62:25 | name | JNDI lookup might include name from $@. | JndiInjection.java:48:42:48:69 | nameStr | this user input |
|
||||
| JndiInjection.java:68:16:68:22 | nameStr | JndiInjection.java:65:42:65:69 | nameStr : String | JndiInjection.java:68:16:68:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:65:42:65:69 | nameStr | this user input |
|
||||
| JndiInjection.java:69:16:69:22 | nameStr | JndiInjection.java:65:42:65:69 | nameStr : String | JndiInjection.java:69:16:69:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:65:42:65:69 | nameStr | this user input |
|
||||
| JndiInjection.java:75:16:75:22 | nameStr | JndiInjection.java:72:41:72:68 | nameStr : String | JndiInjection.java:75:16:75:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:72:41:72:68 | nameStr | this user input |
|
||||
| JndiInjection.java:76:16:76:22 | nameStr | JndiInjection.java:72:41:72:68 | nameStr : String | JndiInjection.java:76:16:76:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:72:41:72:68 | nameStr | this user input |
|
||||
| JndiInjection.java:22:16:22:22 | nameStr | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:22:16:22:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
|
||||
| JndiInjection.java:23:20:23:26 | nameStr | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:23:20:23:26 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
|
||||
| JndiInjection.java:24:29:24:35 | nameStr | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:24:29:24:35 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
|
||||
| JndiInjection.java:25:16:25:22 | nameStr | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:25:16:25:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
|
||||
| JndiInjection.java:26:14:26:20 | nameStr | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:26:14:26:20 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
|
||||
| JndiInjection.java:27:22:27:28 | nameStr | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:27:22:27:28 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
|
||||
| JndiInjection.java:29:16:29:19 | name | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:29:16:29:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
|
||||
| JndiInjection.java:30:20:30:23 | name | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:30:20:30:23 | name | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
|
||||
| JndiInjection.java:31:29:31:32 | name | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:31:29:31:32 | name | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
|
||||
| JndiInjection.java:32:16:32:19 | name | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:32:16:32:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
|
||||
| JndiInjection.java:33:14:33:17 | name | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:33:14:33:17 | name | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
|
||||
| JndiInjection.java:34:22:34:25 | name | JndiInjection.java:18:38:18:65 | nameStr : String | JndiInjection.java:34:22:34:25 | name | JNDI lookup might include name from $@. | JndiInjection.java:18:38:18:65 | nameStr | this user input |
|
||||
| JndiInjection.java:41:16:41:22 | nameStr | JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:41:16:41:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:37:41:37:68 | nameStr | this user input |
|
||||
| JndiInjection.java:42:20:42:26 | nameStr | JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:42:20:42:26 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:37:41:37:68 | nameStr | this user input |
|
||||
| JndiInjection.java:43:16:43:22 | nameStr | JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:43:16:43:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:37:41:37:68 | nameStr | this user input |
|
||||
| JndiInjection.java:44:14:44:20 | nameStr | JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:44:14:44:20 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:37:41:37:68 | nameStr | this user input |
|
||||
| JndiInjection.java:45:22:45:28 | nameStr | JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:45:22:45:28 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:37:41:37:68 | nameStr | this user input |
|
||||
| JndiInjection.java:47:16:47:19 | name | JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:47:16:47:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:37:41:37:68 | nameStr | this user input |
|
||||
| JndiInjection.java:48:20:48:23 | name | JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:48:20:48:23 | name | JNDI lookup might include name from $@. | JndiInjection.java:37:41:37:68 | nameStr | this user input |
|
||||
| JndiInjection.java:49:16:49:19 | name | JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:49:16:49:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:37:41:37:68 | nameStr | this user input |
|
||||
| JndiInjection.java:50:14:50:17 | name | JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:50:14:50:17 | name | JNDI lookup might include name from $@. | JndiInjection.java:37:41:37:68 | nameStr | this user input |
|
||||
| JndiInjection.java:51:22:51:25 | name | JndiInjection.java:37:41:37:68 | nameStr : String | JndiInjection.java:51:22:51:25 | name | JNDI lookup might include name from $@. | JndiInjection.java:37:41:37:68 | nameStr | this user input |
|
||||
| JndiInjection.java:58:16:58:22 | nameStr | JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:58:16:58:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:54:42:54:69 | nameStr | this user input |
|
||||
| JndiInjection.java:59:20:59:26 | nameStr | JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:59:20:59:26 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:54:42:54:69 | nameStr | this user input |
|
||||
| JndiInjection.java:60:16:60:22 | nameStr | JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:60:16:60:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:54:42:54:69 | nameStr | this user input |
|
||||
| JndiInjection.java:61:14:61:20 | nameStr | JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:61:14:61:20 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:54:42:54:69 | nameStr | this user input |
|
||||
| JndiInjection.java:62:22:62:28 | nameStr | JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:62:22:62:28 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:54:42:54:69 | nameStr | this user input |
|
||||
| JndiInjection.java:64:16:64:19 | name | JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:64:16:64:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:54:42:54:69 | nameStr | this user input |
|
||||
| JndiInjection.java:65:20:65:23 | name | JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:65:20:65:23 | name | JNDI lookup might include name from $@. | JndiInjection.java:54:42:54:69 | nameStr | this user input |
|
||||
| JndiInjection.java:66:16:66:19 | name | JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:66:16:66:19 | name | JNDI lookup might include name from $@. | JndiInjection.java:54:42:54:69 | nameStr | this user input |
|
||||
| JndiInjection.java:67:14:67:17 | name | JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:67:14:67:17 | name | JNDI lookup might include name from $@. | JndiInjection.java:54:42:54:69 | nameStr | this user input |
|
||||
| JndiInjection.java:68:22:68:25 | name | JndiInjection.java:54:42:54:69 | nameStr : String | JndiInjection.java:68:22:68:25 | name | JNDI lookup might include name from $@. | JndiInjection.java:54:42:54:69 | nameStr | this user input |
|
||||
| JndiInjection.java:74:16:74:22 | nameStr | JndiInjection.java:71:42:71:69 | nameStr : String | JndiInjection.java:74:16:74:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:71:42:71:69 | nameStr | this user input |
|
||||
| JndiInjection.java:75:16:75:22 | nameStr | JndiInjection.java:71:42:71:69 | nameStr : String | JndiInjection.java:75:16:75:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:71:42:71:69 | nameStr | this user input |
|
||||
| JndiInjection.java:81:16:81:22 | nameStr | JndiInjection.java:78:42:78:69 | nameStr : String | JndiInjection.java:81:16:81:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:78:42:78:69 | nameStr | this user input |
|
||||
| JndiInjection.java:82:23:82:29 | nameStr | JndiInjection.java:78:42:78:69 | nameStr : String | JndiInjection.java:82:23:82:29 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:78:42:78:69 | nameStr | this user input |
|
||||
| JndiInjection.java:88:16:88:22 | nameStr | JndiInjection.java:85:41:85:68 | nameStr : String | JndiInjection.java:88:16:88:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:85:41:85:68 | nameStr | this user input |
|
||||
| JndiInjection.java:89:16:89:22 | nameStr | JndiInjection.java:85:41:85:68 | nameStr : String | JndiInjection.java:89:16:89:22 | nameStr | JNDI lookup might include name from $@. | JndiInjection.java:85:41:85:68 | nameStr | this user input |
|
||||
| JndiInjection.java:93:33:93:57 | new JMXServiceURL(...) | JndiInjection.java:92:37:92:63 | urlStr : String | JndiInjection.java:93:33:93:57 | new JMXServiceURL(...) | JNDI lookup might include name from $@. | JndiInjection.java:92:37:92:63 | urlStr | this user input |
|
||||
| JndiInjection.java:97:5:97:13 | connector | JndiInjection.java:92:37:92:63 | urlStr : String | JndiInjection.java:97:5:97:13 | connector | JNDI lookup might include name from $@. | JndiInjection.java:92:37:92:63 | urlStr | this user input |
|
||||
|
||||
@@ -1,3 +1,8 @@
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.management.remote.JMXConnector;
|
||||
import javax.management.remote.JMXConnectorFactory;
|
||||
import javax.management.remote.JMXServiceURL;
|
||||
import javax.naming.CompositeName;
|
||||
import javax.naming.InitialContext;
|
||||
import javax.naming.Name;
|
||||
@@ -6,6 +11,7 @@ import javax.naming.directory.InitialDirContext;
|
||||
import javax.naming.ldap.InitialLdapContext;
|
||||
|
||||
import org.springframework.jndi.JndiTemplate;
|
||||
import org.springframework.ldap.core.LdapTemplate;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
|
||||
public class JndiInjection {
|
||||
@@ -69,10 +75,25 @@ public class JndiInjection {
|
||||
ctx.lookup(nameStr, null);
|
||||
}
|
||||
|
||||
public void testSpringLdapTemplateBad1(@RequestParam String nameStr) throws NamingException {
|
||||
LdapTemplate ctx = new LdapTemplate();
|
||||
|
||||
ctx.lookup(nameStr);
|
||||
ctx.lookupContext(nameStr);
|
||||
}
|
||||
|
||||
public void testShiroJndiTemplateBad1(@RequestParam String nameStr) throws NamingException {
|
||||
org.apache.shiro.jndi.JndiTemplate ctx = new org.apache.shiro.jndi.JndiTemplate();
|
||||
|
||||
ctx.lookup(nameStr);
|
||||
ctx.lookup(nameStr, null);
|
||||
}
|
||||
|
||||
public void testJMXServiceUrlBad1(@RequestParam String urlStr) throws IOException {
|
||||
JMXConnectorFactory.connect(new JMXServiceURL(urlStr));
|
||||
|
||||
JMXServiceURL url = new JMXServiceURL(urlStr);
|
||||
JMXConnector connector = JMXConnectorFactory.newJMXConnector(url, null);
|
||||
connector.connect();
|
||||
}
|
||||
}
|
||||
|
||||
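Review bot: `testSpringLdapTemplateBad1` and `testJMXServiceUrlBad1` are both flagged ("Bad") cases, and no negative case is visible in this hunk, so nothing here would catch the new sinks over-reporting; a companion method that connects with a compile-time constant URL and expects no result would pin that. The Spring LDAP test also exercises only the `String` overloads of `lookup` and `lookupContext`, while the expected output shows the older tests covering both `nameStr` and `name` arguments; if the query models the `Name` overloads (not visible on this page), each deserves a line. A short comment above the JMX calls would help readers who do not know why a JMX URL counts as a JNDI sink, for example `// sink: the RMI connector resolves a service:jmx:rmi:///jndi/... URL through a JNDI lookup on connect()`. The class body starts outside this hunk.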
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/shiro-core-1.5.2
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/shiro-core-1.5.2:${testdir}/../../../stubs/spring-ldap-2.3.2
|
||||