hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 04:39:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Remove the same callable constraint

Browse Source
This commit is contained in:
luchua-bc
2022-02-15 12:44:23 +00:00
parent 2b5982fd9d
commit fd533f2ba8
2 changed files with 9 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
java/ql/src/experimental/Security/CWE/CWE-073/JFinalController.qll
View File

@@ -50,8 +50,7 @@ private class SetToGetAttributeStep extends AdditionalValueStep {
sma.getMethod() instanceof SetRequestAttributeMethod
) and
gma.getArgument(0).(CompileTimeConstantExpr).getStringValue() =
sma.getArgument(0).(CompileTimeConstantExpr).getStringValue() and
gma.getEnclosingCallable() = sma.getEnclosingCallable()
sma.getArgument(0).(CompileTimeConstantExpr).getStringValue()
|
pred.asExpr() = sma.getArgument(1) and
succ.asExpr() = gma

16
java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.java
View File

@@ -85,8 +85,8 @@ public class FilePathInjection extends Controller {
// BAD: Upload file to user specified path without validation through request attribute
public void uploadFile4() throws IOException {
String savePath = getPara("dir");
setAttr("uploadDir", savePath);
String requestUploadDir = getAttr("uploadDir");
setAttr("uploadDir2", savePath);
String requestUploadDir = getAttr("uploadDir2");
File file = getFile("fileParam").getFile();
String finalFilePath = BASE_PATH + requestUploadDir;
@@ -108,8 +108,8 @@ public class FilePathInjection extends Controller {
// BAD: Upload file to user specified path without validation through session object (not detected)
public void uploadFile5() throws IOException {
String savePath = getPara("dir");
getSession().setAttribute("uploadDir", savePath);
String sessionUploadDir = getSessionAttr("uploadDir");
getSession().setAttribute("uploadDir3", savePath);
String sessionUploadDir = getSessionAttr("uploadDir3");
File file = getFile("fileParam").getFile();
String finalFilePath = BASE_PATH + sessionUploadDir;
@@ -130,8 +130,8 @@ public class FilePathInjection extends Controller {
// GOOD: Upload file to a system path from a request object
public void uploadFile6() throws IOException {
setAttr("uploadDir", "/data/upload_dir/");
String requestUploadDir = getAttr("uploadDir");
setAttr("uploadDir4", "/data/upload_dir/");
String requestUploadDir = getAttr("uploadDir4");
File file = getFile("fileParam").getFile();
String finalFilePath = BASE_PATH + requestUploadDir;
@@ -153,9 +153,9 @@ public class FilePathInjection extends Controller {
// GOOD: Upload file to a system path from a request object
public void uploadFile7() throws IOException {
String savePath = getPara("dir");
setAttr("uploadDir", savePath);
setAttr("uploadDir5", savePath);
setAttr("realUploadDir", "/data/upload_dir/");
String requestUploadDir = getAttr("realUploadDir");
String requestUploadDir = getAttr("realUploadDir5");
File file = getFile("fileParam").getFile();
String finalFilePath = BASE_PATH + requestUploadDir;