hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
alexet/avoid-path-node-java
codeql/java/ql/test/query-tests/security/CWE-094/TemplateInjection/PebbleSSTI.java
Nora Dimitrijević c77875d834 Java: convert TemplateInjection test to .qlref
2025-06-24 16:41:56 +02:00

30 lines
1003 B
Java
Raw Permalink Blame History

import javax.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import java.lang.String;
import java.io.Reader;
import java.io.StringReader;
import com.mitchellbosecke.pebble.PebbleEngine;
import com.mitchellbosecke.pebble.template.*;
@Controller
public class PebbleSSTI {
String sourceName = "sourceName";
@GetMapping(value = "bad1")
public void bad1(HttpServletRequest request) {
String templateName = request.getParameter("templateName"); // $ Source
PebbleEngine engine = new PebbleEngine.Builder().build();
PebbleTemplate compiledTemplate = engine.getTemplate(templateName); // $ Alert
}
@GetMapping(value = "bad2")
public void bad2(HttpServletRequest request) {
String templateName = request.getParameter("templateName"); // $ Source
PebbleEngine engine = new PebbleEngine.Builder().build();
PebbleTemplate compiledTemplate = engine.getLiteralTemplate(templateName); // $ Alert
}
}
Reference in New Issue View Git Blame Copy Permalink