mirror of
https://github.com/github/codeql.git
synced 2025-12-18 18:10:39 +01:00
92 lines
3.5 KiB
Java
92 lines
3.5 KiB
Java
import java.beans.XMLDecoder;
|
|
import java.io.BufferedReader;
|
|
import javax.servlet.ServletInputStream;
|
|
import javax.servlet.http.HttpServletRequest;
|
|
import javax.servlet.http.HttpServletResponse;
|
|
import javax.xml.transform.stream.StreamSource;
|
|
import javax.xml.validation.Schema;
|
|
import javax.xml.validation.SchemaFactory;
|
|
import javax.xml.validation.Validator;
|
|
import org.rundeck.api.parser.ParserHelper;
|
|
import org.apache.commons.digester3.Digester;
|
|
import org.dom4j.Document;
|
|
import org.dom4j.DocumentHelper;
|
|
import org.springframework.stereotype.Controller;
|
|
import org.springframework.web.bind.annotation.PostMapping;
|
|
|
|
@Controller
|
|
public class XXE {
|
|
|
|
@PostMapping(value = "bad1")
|
|
public void bad1(HttpServletRequest request, HttpServletResponse response) throws Exception {
|
|
ServletInputStream servletInputStream = request.getInputStream();
|
|
Digester digester = new Digester();
|
|
digester.parse(servletInputStream); //bad
|
|
}
|
|
|
|
@PostMapping(value = "bad2")
|
|
public void bad2(HttpServletRequest request) throws Exception {
|
|
BufferedReader br = request.getReader();
|
|
String str = "";
|
|
StringBuilder listString = new StringBuilder();
|
|
while ((str = br.readLine()) != null) {
|
|
listString.append(str).append("\n");
|
|
}
|
|
Document document = DocumentHelper.parseText(listString.toString()); //bad
|
|
}
|
|
|
|
@PostMapping(value = "bad3")
|
|
public void bad3(HttpServletRequest request) throws Exception {
|
|
ServletInputStream servletInputStream = request.getInputStream();
|
|
SchemaFactory factory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema");
|
|
Schema schema = factory.newSchema();
|
|
Validator validator = schema.newValidator();
|
|
StreamSource source = new StreamSource(servletInputStream);
|
|
validator.validate(source); //bad
|
|
}
|
|
|
|
@PostMapping(value = "bad4")
|
|
public void bad4(HttpServletRequest request) throws Exception {
|
|
ServletInputStream servletInputStream = request.getInputStream();
|
|
XMLDecoder xmlDecoder = new XMLDecoder(servletInputStream);
|
|
xmlDecoder.readObject(); //bad
|
|
}
|
|
|
|
@PostMapping(value = "bad5")
|
|
public void bad5(HttpServletRequest request) throws Exception {
|
|
Document document = ParserHelper.loadDocument(request.getInputStream()); //bad
|
|
}
|
|
|
|
@PostMapping(value = "good1")
|
|
public void good1(HttpServletRequest request, HttpServletResponse response) throws Exception {
|
|
BufferedReader br = request.getReader();
|
|
String str = "";
|
|
StringBuilder listString = new StringBuilder();
|
|
while ((str = br.readLine()) != null) {
|
|
listString.append(str);
|
|
}
|
|
Digester digester = new Digester();
|
|
digester.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
|
digester.setFeature("http://xml.org/sax/features/external-general-entities", false);
|
|
digester.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
|
|
digester.parse(listString.toString());
|
|
}
|
|
|
|
@PostMapping(value = "good2")
|
|
public void good2(HttpServletRequest request, HttpServletResponse response) throws Exception {
|
|
BufferedReader br = request.getReader();
|
|
String str = "";
|
|
StringBuilder listString = new StringBuilder();
|
|
while ((str = br.readLine()) != null) {
|
|
listString.append(str).append("\n");
|
|
}
|
|
SchemaFactory factory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema");
|
|
Schema schema = factory.newSchema();
|
|
Validator validator = schema.newValidator();
|
|
validator.setProperty("http://javax.xml.XMLConstants/property/accessExternalDTD", "");
|
|
validator.setProperty("http://javax.xml.XMLConstants/property/accessExternalSchema", "");
|
|
StreamSource source = new StreamSource(listString.toString());
|
|
validator.validate(source);
|
|
}
|
|
}
|