hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: New models for JAX-RS

Browse Source
This commit is contained in:
Tony Torralba
2023-08-07 11:47:51 +02:00
parent 2300285204
commit fb0102b763
13 changed files with 382 additions and 248 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
java/ql/test/query-tests/security/CWE-918/mad/Test.java
View File

@@ -4,6 +4,7 @@ import java.net.Socket;
import java.net.SocketAddress;
import java.net.URL;
import java.net.URLClassLoader;
import javax.activation.URLDataSource;
import javax.servlet.http.HttpServletRequest;
import javafx.scene.web.WebEngine;
import org.apache.commons.jelly.JellyContext;
@@ -59,6 +60,8 @@ public class Test {
new JellyContext((URL) null, (URL) source()); // $ SSRF
// "org.apache.commons.jelly;JellyContext;true;JellyContext;(URL);;Argument[0];open-url;ai-generated"
new JellyContext((URL) source()); // $ SSRF
// "javax.activation;URLDataSource;true;URLDataSource;(URL);;Argument[0];request-forgery;manual"
new URLDataSource((URL) source()); // $ SSRF
}
public void test(WebEngine webEngine) {