hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.23.7
codeql/java/ql/test/query-tests/security/CWE-918/ReactiveWebClientSSRF.java
Nora Dimitrijević aac4f63e9a Java: convert RequestForgery test to .qlref
2025-06-24 16:42:32 +02:00

50 lines
1.6 KiB
Java
Raw Permalink Blame History

import org.springframework.http.HttpHeaders;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class ReactiveWebClientSSRF extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
try {
String url = request.getParameter("uri"); // $ Source
WebClient webClient = WebClient.create(url); // $ Alert
Mono<String> result = webClient.get()
.uri("/")
.retrieve()
.bodyToMono(String.class);
result.block();
} catch (Exception e) {
// Ignore
}
}
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
try {
String url = request.getParameter("uri"); // $ Source
WebClient webClient = WebClient.builder()
.defaultHeader("User-Agent", "Java")
.baseUrl(url) // $ Alert
.build();
Mono<String> result = webClient.get()
.uri("/")
.retrieve()
.bodyToMono(String.class);
result.block();
} catch (Exception e) {
// Ignore
}
}
}
Reference in New Issue View Git Blame Copy Permalink