hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.23.2
codeql/java/ql/test/library-tests/frameworks/spring/controller/Test.java
Owen Mansel-Chan 708bbe391e Add test for SpringRequestMappingMethod.getAValue
2025-05-22 12:22:34 +01:00

212 lines
6.3 KiB
Java
Raw Permalink Blame History

import java.io.InputStream;
import java.io.OutputStream;
import java.io.Reader;
import java.io.Writer;
import java.security.Principal;
import java.time.ZoneId;
import java.util.Locale;
import java.util.TimeZone;
import javax.servlet.http.HttpSession;
import javax.servlet.http.PushBuilder;
import javax.servlet.ServletRequest;
import org.springframework.data.domain.Pageable;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpMethod;
import org.springframework.stereotype.Controller;
import org.springframework.validation.Errors;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.util.UriComponentsBuilder;
import org.springframework.web.context.request.WebRequest;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;
import org.springframework.web.bind.support.SessionStatus;
import org.springframework.web.bind.annotation.MatrixVariable;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.CookieValue;
import org.springframework.web.bind.annotation.RequestPart;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestAttribute;
import org.springframework.web.bind.annotation.SessionAttribute;
public class Test {
static void sink(Object o) {
}
@Controller
static class NotTaintedTest {
@RequestMapping("/")
public void get(WebRequest src) { // $ RequestMappingURL="/"
sink(src);
}
@RequestMapping("/")
public void get(NativeWebRequest src) { // $ RequestMappingURL="/"
sink(src);
}
@RequestMapping("/")
public void get(ServletRequest src) { // $ RequestMappingURL="/"
sink(src);
}
@RequestMapping("/")
public void get(HttpSession src) { // $ RequestMappingURL="/"
sink(src);
}
@RequestMapping("/")
public void get(PushBuilder src) { // $ RequestMappingURL="/"
sink(src);
}
@RequestMapping("/")
public void get(Principal src) { // $ RequestMappingURL="/"
sink(src);
}
@RequestMapping("/")
public void get(HttpMethod src) { // $ RequestMappingURL="/"
sink(src);
}
@RequestMapping("/")
public void get(Locale src) { // $ RequestMappingURL="/"
sink(src);
}
@RequestMapping("/")
public void get(TimeZone src) { // $ RequestMappingURL="/"
sink(src);
}
@RequestMapping("/")
public void get(ZoneId src) { // $ RequestMappingURL="/"
sink(src);
}
@RequestMapping("/")
public void get(OutputStream src) { // $ RequestMappingURL="/"
sink(src);
}
@RequestMapping("/")
public void get(Writer src) { // $ RequestMappingURL="/"
sink(src);
}
@RequestMapping("/")
public void get(RedirectAttributes src) { // $ RequestMappingURL="/"
sink(src);
}
@RequestMapping("/")
public void get(Errors src) { // $ RequestMappingURL="/"
sink(src);
}
@RequestMapping("/")
public void get(SessionStatus src) { // $ RequestMappingURL="/"
sink(src);
}
@RequestMapping("/")
public void get(UriComponentsBuilder src) { // $ RequestMappingURL="/"
sink(src);
}
@RequestMapping("/")
public void get(Pageable src) { // $ RequestMappingURL="/"
sink(src);
}
}
@Controller
static class ExplicitlyTaintedTest {
@RequestMapping("/")
public void get(InputStream src) { // $ RequestMappingURL="/"
sink(src); // $hasValueFlow
}
@RequestMapping("/")
public void get(Reader src) { // $ RequestMappingURL="/"
sink(src); // $hasValueFlow
}
@RequestMapping("/")
public void matrixVariable(@MatrixVariable Object src) { // $ RequestMappingURL="/"
sink(src); // $hasValueFlow
}
@RequestMapping("/")
public void requestParam(@RequestParam Object src) { // $ RequestMappingURL="/"
sink(src); // $hasValueFlow
}
@RequestMapping("/")
public void requestHeader(@RequestHeader Object src) { // $ RequestMappingURL="/"
sink(src); // $hasValueFlow
}
@RequestMapping("/")
public void cookieValue(@CookieValue Object src) { // $ RequestMappingURL="/"
sink(src); // $hasValueFlow
}
@RequestMapping("/")
public void requestPart(@RequestPart Object src) { // $ RequestMappingURL="/"
sink(src); // $hasValueFlow
}
@RequestMapping("/")
public void pathVariable(@PathVariable Object src) { // $ RequestMappingURL="/"
sink(src); // $hasValueFlow
}
@RequestMapping("/")
public void requestBody(@RequestBody Object src) { // $ RequestMappingURL="/"
sink(src); // $hasValueFlow
}
@RequestMapping("/")
public void get(HttpEntity src) { // $ RequestMappingURL="/"
sink(src); // $hasValueFlow
}
@RequestMapping("/")
public void requestAttribute(@RequestAttribute Object src) { // $ RequestMappingURL="/"
sink(src); // $hasValueFlow
}
@RequestMapping("/")
public void sessionAttribute(@SessionAttribute Object src) { // $ RequestMappingURL="/"
sink(src); // $hasValueFlow
}
}
@Controller
static class ImplicitlyTaintedTest {
static class Pojo {
}
@RequestMapping("/")
public void get(String src) { // $ RequestMappingURL="/"
sink(src); // $hasValueFlow
}
@RequestMapping("/")
public void get1(Pojo src) { // $ RequestMappingURL="/"
sink(src); // $hasValueFlow
}
}
@Controller
static class MultipleValuesTest {
@RequestMapping({"/a", "/b"})
public void get(WebRequest src) { // $ RequestMappingURL="/a" RequestMappingURL="/b"
}
}
}
Reference in New Issue View Git Blame Copy Permalink