hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.22.0
codeql/java/ql/test/library-tests/dataflow/taintsources/SpringMultiPart.java
Tony Torralba 2df30dc107 Use InlineFlowTest for local and remote flow tests
2021-10-08 11:48:35 +02:00

28 lines
994 B
Java
Raw Permalink Blame History

import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartRequest;
public class SpringMultiPart {
MultipartFile file;
private static void sink(Object o) {}
public void test() throws Exception {
sink(file.getBytes()); // $hasRemoteValueFlow
sink(file.isEmpty()); // Safe
sink(file.getInputStream()); // $hasRemoteValueFlow
sink(file.getResource()); // $hasRemoteValueFlow
sink(file.getName()); // $hasRemoteValueFlow
sink(file.getContentType()); // $hasRemoteValueFlow
sink(file.getOriginalFilename()); // $hasRemoteValueFlow
}
public void test(MultipartRequest request) {
sink(request.getFile("name"));// $hasRemoteValueFlow
sink(request.getFileMap());// $hasRemoteValueFlow
sink(request.getFileNames());// $hasRemoteValueFlow
sink(request.getFiles("name"));// $hasRemoteValueFlow
sink(request.getMultiFileMap());// $hasRemoteValueFlow
sink(request.getMultipartContentType("name")); // $hasRemoteValueFlow
}
}
Reference in New Issue View Git Blame Copy Permalink