codeql/java/ql/test/library-tests/frameworks/micronaut/MicronautHttpRequestTest.java
Nicolas Will cf31af77c9 Add Micronaut framework support for Java QL
Add CodeQL support for Micronaut: add MaD models for HTTP, HTTP client and multipart (sources, sinks and summary propagation), new framework QLL modules (Controller, WebSocket, Config, Data, Security). Add library tests and query tests exercising request inputs, file uploads, HttpClient sinks (SSRF), header sinks (response-splitting) and redirect sinks (open-redirect), plus expected results and extractor options. Include Micronaut 4.x stubs used by the tests.
2026-02-27 17:17:07 +01:00


import io.micronaut.http.annotation.*;
import io.micronaut.http.*;
import io.micronaut.http.cookie.*;
/**
 * Test fixture for the CodeQL Micronaut models: a controller whose handlers read
 * values from an {@code HttpRequest} and hand them to {@link #sink(Object)} or to
 * an {@code HttpResponse} builder.
 *
 * <p>A trailing {@code hasTaintFlow} marker comment records that the line is expected
 * to be reported as receiving request-derived (attacker-controllable) data. The
 * markers are per-line expectations, so keep each marker on the same line as the
 * expression it describes when editing this file.
 *
 * <p>NOTE(review): the file sits under the library-tests tree, so it is presumably
 * only analysed and never executed; confirm before reusing any handler as sample code.
 */
@Controller("/http")
class MicronautHttpRequestTest {
    /** Empty method used as the flow target; it does nothing with {@code o}. */
    void sink(Object o) {}

    /**
     * Request headers: the header collection itself and each lookup form
     * ({@code get}, {@code getAll}, {@code getFirst}, {@code values}) are expected
     * to be tainted.
     */
    @Get("/headers")
    void testHeaders(HttpRequest<?> request) {
        sink(request.getHeaders()); // $hasTaintFlow
        sink(request.getHeaders().get("X-Custom")); // $hasTaintFlow
        sink(request.getHeaders().getAll("X-Custom")); // $hasTaintFlow
        sink(request.getHeaders().getFirst("X-Custom")); // $hasTaintFlow
        sink(request.getHeaders().values()); // $hasTaintFlow
    }

    /**
     * Request parameters: the parameter collection and the {@code get},
     * {@code getAll} and {@code getFirst} lookups are expected to be tainted.
     */
    @Get("/params")
    void testParameters(HttpRequest<?> request) {
        sink(request.getParameters()); // $hasTaintFlow
        sink(request.getParameters().get("q")); // $hasTaintFlow
        sink(request.getParameters().getAll("q")); // $hasTaintFlow
        sink(request.getParameters().getFirst("q")); // $hasTaintFlow
    }

    /**
     * Cookies: the cookie collection, a single looked-up cookie, and that cookie's
     * value, name, domain and path are all expected to be tainted, as are the
     * {@code getAll} and {@code findCookie} results.
     */
    @Get("/cookies")
    void testCookies(HttpRequest<?> request) {
        sink(request.getCookies()); // $hasTaintFlow
        // NOTE(review): the lookup result is dereferenced below without a null
        // check; harmless if this fixture is never run, but not a pattern to copy
        // into a real handler.
        Cookie cookie = request.getCookies().get("session");
        sink(cookie); // $hasTaintFlow
        sink(cookie.getValue()); // $hasTaintFlow
        sink(cookie.getName()); // $hasTaintFlow
        sink(cookie.getDomain()); // $hasTaintFlow
        sink(cookie.getPath()); // $hasTaintFlow
        sink(request.getCookies().getAll()); // $hasTaintFlow
        sink(request.getCookies().findCookie("session")); // $hasTaintFlow
    }

    /**
     * Request line: the URI, the path and the method name are each expected to be
     * tainted.
     */
    @Get("/uri")
    void testUri(HttpRequest<?> request) {
        sink(request.getUri()); // $hasTaintFlow
        sink(request.getPath()); // $hasTaintFlow
        sink(request.getMethodName()); // $hasTaintFlow
    }

    /** Request body: the value returned by {@code getBody()} is expected to be tainted. */
    @Post("/body")
    void testBody(HttpRequest<String> request) {
        sink(request.getBody()); // $hasTaintFlow
    }

    /**
     * Content metadata: both the content type and the content length are expected
     * to be tainted.
     */
    @Get("/content")
    void testContent(HttpRequest<?> request) {
        sink(request.getContentType()); // $hasTaintFlow
        sink(request.getContentLength()); // $hasTaintFlow
    }

    /**
     * Passes the request URI straight to {@code HttpResponse.redirect}, i.e. the
     * redirect target is taken from the request with no allow-list or validation.
     * This is the open-redirect shape the commit description refers to.
     */
    @Get("/redirect")
    HttpResponse<?> testRedirect(HttpRequest<?> request) {
        // NOTE(review): unlike the other handlers there is no sink() call on this
        // line, so the expectation presumably depends on the accompanying test
        // query treating the redirect argument as a sink; confirm against the .ql.
        return HttpResponse.redirect(request.getUri()); // $hasTaintFlow
    }

    /**
     * Copies the value of the {@code User-Input} request header into the
     * {@code X-Custom} response header without filtering. This is the
     * response-splitting shape the commit description refers to.
     */
    @Get("/header-set")
    HttpResponse<?> testHeaderSplitting(HttpRequest<?> request) {
        // NOTE(review): no sink() call here either; the expectation presumably
        // relies on the test query modelling the header value as a sink; confirm.
        return HttpResponse.ok().header("X-Custom", request.getHeaders().get("User-Input")); // $hasTaintFlow
    }
}