hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
alexet/avoid-path-node-java
codeql/java/ql/test/query-tests/security/CWE-918/mad/Test.java
Nora Dimitrijević aac4f63e9a Java: convert RequestForgery test to .qlref
2025-06-24 16:42:32 +02:00

116 lines
6.5 KiB
Java
Raw Permalink Blame History

import java.net.DatagramSocket;
import java.net.Proxy;
import java.net.Socket;
import java.net.SocketAddress;
import java.net.URL;
import java.net.URLClassLoader;
import java.util.List;
import javax.activation.URLDataSource;
import javax.servlet.http.HttpServletRequest;
import javafx.scene.web.WebEngine;
import org.apache.commons.jelly.JellyContext;
import org.apache.cxf.catalog.OASISCatalogManager;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.resource.ExtendedURIResolver;
import org.apache.cxf.resource.URIResolver;
import org.codehaus.cargo.container.installer.ZipURLInstaller;
import org.kohsuke.stapler.HttpResponses;
import play.libs.ws.WSClient;
import play.libs.ws.StandaloneWSClient;
public class Test {
private static HttpServletRequest request;
public static Object source() {
return request.getParameter(null); // $ Source
}
public void test(DatagramSocket socket) throws Exception {
// "java.net;DatagramSocket;true;connect;(SocketAddress);;Argument[0];open-url;ai-generated"
socket.connect((SocketAddress) source()); // $ Alert
}
public void test(URL url) throws Exception {
// "java.net;URL;false;openConnection;(Proxy);:Argument[this]:open-url;manual"
((URL) source()).openConnection(); // $ Alert
// "java.net;URL;false;openConnection;(Proxy);:Argument[0]:open-url;ai-generated"
url.openConnection((Proxy) source()); // $ Alert
// "java.net;URL;false;openStream;;:Argument[this]:open-url;manual"
((URL) source()).openStream(); // $ Alert
}
public void test() throws Exception {
// "java.net;URLClassLoader;false;URLClassLoader;(String,URL[],ClassLoader);;Argument[1];open-url;manual"
new URLClassLoader("", (URL[]) source(), null); // $ Alert
// "java.net;URLClassLoader;false;URLClassLoader;(String,URL[],ClassLoader,URLStreamHandlerFactory);;Argument[1];open-url;manual"
new URLClassLoader("", (URL[]) source(), null, null); // $ Alert
// "java.net;URLClassLoader;false;URLClassLoader;(URL[]);;Argument[0];open-url;manual"
new URLClassLoader((URL[]) source()); // $ Alert
// "java.net;URLClassLoader;false;URLClassLoader;(URL[],ClassLoader);;Argument[0];open-url;manual"
new URLClassLoader((URL[]) source(), null); // $ Alert
// "java.net;URLClassLoader;false;URLClassLoader;(URL[],ClassLoader,URLStreamHandlerFactory);;Argument[0];open-url;manual"
new URLClassLoader((URL[]) source(), null, null); // $ Alert
// "java.net;URLClassLoader;false;newInstance;;;Argument[0];open-url;manual"
URLClassLoader.newInstance((URL[]) source()); // $ Alert
// "org.apache.commons.jelly;JellyContext;true;JellyContext;(JellyContext,URL,URL);;Argument[1];open-url;ai-generated"
new JellyContext(null, (URL) source(), null); // $ Alert
// "org.apache.commons.jelly;JellyContext;true;JellyContext;(JellyContext,URL,URL);;Argument[2];open-url;ai-generated"
new JellyContext(null, null, (URL) source()); // $ Alert
// "org.apache.commons.jelly;JellyContext;true;JellyContext;(JellyContext,URL);;Argument[1];open-url;ai-generated"
new JellyContext((JellyContext) null, (URL) source()); // $ Alert
// "org.apache.commons.jelly;JellyContext;true;JellyContext;(URL,URL);;Argument[0];open-url;ai-generated"
new JellyContext((URL) source(), null); // $ Alert
// "org.apache.commons.jelly;JellyContext;true;JellyContext;(URL,URL);;Argument[1];open-url;ai-generated"
new JellyContext((URL) null, (URL) source()); // $ Alert
// "org.apache.commons.jelly;JellyContext;true;JellyContext;(URL);;Argument[0];open-url;ai-generated"
new JellyContext((URL) source()); // $ Alert
// "javax.activation;URLDataSource;true;URLDataSource;(URL);;Argument[0];request-forgery;manual"
new URLDataSource((URL) source()); // $ Alert
// "org.apache.cxf.catalog;OASISCatalogManager;true;loadCatalog;(URL);;Argument[0];request-forgery;manual"
new OASISCatalogManager().loadCatalog((URL) source()); // $ Alert
// @formatter:off
// "org.apache.cxf.common.classloader;ClassLoaderUtils;true;getURLClassLoader;(URL[],ClassLoader);;Argument[0];request-forgery;manual"
new ClassLoaderUtils().getURLClassLoader((URL[]) source(), null); // $ Alert
// "org.apache.cxf.common.classloader;ClassLoaderUtils;true;getURLClassLoader;(List,ClassLoader);;Argument[0];request-forgery;manual"
new ClassLoaderUtils().getURLClassLoader((List<URL>) source(), null); // $ Alert
// "org.apache.cxf.resource;ExtendedURIResolver;true;resolve;(String,String);;Argument[0];request-forgery;manual"]
new ExtendedURIResolver().resolve((String) source(), null); // $ Alert
// "org.apache.cxf.resource;URIResolver;true;URIResolver;(String);;Argument[0];request-forgery;manual"]
new URIResolver((String) source()); // $ Alert
// "org.apache.cxf.resource;URIResolver;true;URIResolver;(String,String);;Argument[1];request-forgery;manual"]
new URIResolver(null, (String) source()); // $ Alert
// "org.apache.cxf.resource;URIResolver;true;URIResolver;(String,String,Class);;Argument[1];request-forgery;manual"]
new URIResolver(null, (String) source(), null); // $ Alert
// "org.apache.cxf.resource;URIResolver;true;resolve;(String,String,Class);;Argument[1];request-forgery;manual"
new URIResolver().resolve(null, (String) source(), null); // $ Alert
// @formatter:on
}
public void test(WebEngine webEngine) {
// "javafx.scene.web;WebEngine;false;load;(String);;Argument[0];open-url;ai-generated"
webEngine.load((String) source()); // $ Alert
}
public void test(ZipURLInstaller zui) {
// "org.codehaus.cargo.container.installer;ZipURLInstaller;true;ZipURLInstaller;(URL,String,String);;Argument[0];open-url:ai-generated"
new ZipURLInstaller((URL) source(), "", ""); // $ Alert
}
public void test(HttpResponses r) {
// "org.kohsuke.stapler;HttpResponses;true;staticResource;(URL);;Argument[0];open-url;ai-generated"
r.staticResource((URL) source()); // $ Alert
}
public void test(WSClient c) {
// "play.libs.ws;WSClient;true;url;;;Argument[0];open-url;manual"
c.url((String) source()); // $ Alert
}
public void test(StandaloneWSClient c) {
// "play.libs.ws;StandaloneWSClient;true;url;;;Argument[0];open-url;manual"
c.url((String) source()); // $ Alert
}
}
Reference in New Issue View Git Blame Copy Permalink