codeql/java/ql/test/query-tests/security/CWE-918/ApacheHttpClientExecuteSSRF.java

import java.io.IOException;
import java.net.URI;
import org.apache.http.Header;
import org.apache.http.HeaderIterator;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.ProtocolVersion;
import org.apache.http.RequestLine;
import org.apache.http.client.HttpClient;
import org.apache.http.client.ResponseHandler;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.message.BasicHttpRequest;
import org.apache.http.params.HttpParams;
import org.apache.http.protocol.HttpContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
 * CodeQL test fixture for CWE-918 (Server-Side Request Forgery) through Apache HttpClient 4.x.
 *
 * <p>The {@code host} request parameter is read straight from the incoming servlet request and,
 * without any validation, becomes both the target {@link HttpHost} and the authority of the
 * {@link URI} returned by a hand-rolled {@link HttpUriRequest}. Every one of the eight
 * {@code HttpClient.execute} overloads is then invoked with that tainted target, so the query is
 * expected to report each call on the lines marked as alerts below.
 *
 * <p>The {@link HttpClient} and {@link HttpUriRequest} implementations are stubs: they perform no
 * network I/O and return {@code null}. Only the data-flow shape matters for this test; do not read
 * it as an example of how to use the library.
 *
 * <p>Remediation in real code: never hand a raw user-supplied host to the client. Validate the
 * destination (scheme, host and port) against an allowlist of permitted targets before building
 * the request, and reject anything else. Note that the inline expectation markers
 * ({@code Source} / {@code Alert} comments) are part of the test contract and must stay on the
 * lines they annotate.
 */
public class ApacheHttpClientExecuteSSRF extends HttpServlet {
    /**
     * Builds requests targeting an attacker-controlled host and issues them through every
     * {@code HttpClient.execute} overload.
     *
     * @param request  incoming servlet request; its {@code host} parameter is the taint source
     * @param response unused
     * @throws ServletException declared for the servlet contract; nothing below throws it
     * @throws IOException      declared for the servlet contract; the catch-all below swallows it
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        try {
            // Despite the name, this is the taint SOURCE: an unvalidated, attacker-controlled host.
            String sink = request.getParameter("host"); // $ Source
            // Tainted value becomes the target host for the HttpHost-based execute overloads.
            HttpHost host = new HttpHost(sink);
            HttpRequest req = new BasicHttpRequest("GET", "/");
            // Minimal HttpUriRequest whose only meaningful member is getURI(): it embeds the tainted
            // host in the request URI. Every other method is a no-op or returns null.
            HttpUriRequest uriReq = new HttpUriRequest() {
                @Override
                public String getMethod() {
                    return "GET";
                }
                @Override
                public URI getURI() {
                    // Second taint path: the same user-supplied host is spliced into the URI.
                    return URI.create("https://" + sink);
                }
                @Override
                public void abort() throws UnsupportedOperationException {
                }
                @Override
                public boolean isAborted() {
                    return false;
                }
                @Override
                public RequestLine getRequestLine() {
                    return null;
                }
                @Override
                public ProtocolVersion getProtocolVersion() {
                    return null;
                }
                @Override
                public boolean containsHeader(String name) {
                    return false;
                }
                @Override
                public Header[] getHeaders(String name) {
                    return null;
                }
                @Override
                public Header getFirstHeader(String name) {
                    return null;
                }
                @Override
                public Header getLastHeader(String name) {
                    return null;
                }
                @Override
                public Header[] getAllHeaders() {
                    return null;
                }
                @Override
                public void addHeader(Header header) {
                }
                @Override
                public void addHeader(String name, String value) {
                }
                @Override
                public void setHeader(Header header) {
                }
                @Override
                public void setHeader(String name, String value) {
                }
                @Override
                public void setHeaders(Header[] headers) {
                }
                @Override
                public void removeHeader(Header header) {
                }
                @Override
                public void removeHeaders(String name) {
                }
                @Override
                public HeaderIterator headerIterator() {
                    return null;
                }
                @Override
                public HeaderIterator headerIterator(String name) {
                    return null;
                }
                @Override
                public HttpParams getParams() {
                    return null;
                }
                @Override
                public void setParams(HttpParams params) {
                }
            };
            // Context and handler are null: they carry no taint, only the request/host arguments do.
            HttpContext context = null;
            // Stub client: every execute overload returns null and performs no I/O. The sinks under
            // test are the execute *calls* below, not this implementation.
            HttpClient client = new HttpClient() {
                @Override
                public HttpResponse execute(HttpHost target, HttpRequest request) throws IOException {
                    return null;
                }
                @Override
                public HttpResponse execute(HttpHost target, HttpRequest request, HttpContext context) throws IOException {
                    return null;
                }
                @Override
                public <T> T execute(HttpHost target, HttpRequest request, ResponseHandler<? extends T> responseHandler)
                        throws IOException {
                    return null;
                }
                @Override
                public <T> T execute(HttpHost target, HttpRequest request, ResponseHandler<? extends T> responseHandler,
                        HttpContext context) throws IOException {
                    return null;
                }
                @Override
                public HttpResponse execute(HttpUriRequest request) throws IOException {
                    return null;
                }
                @Override
                public HttpResponse execute(HttpUriRequest request, HttpContext context) throws IOException {
                    return null;
                }
                @Override
                public <T> T execute(HttpUriRequest request, ResponseHandler<? extends T> responseHandler)
                        throws IOException {
                    return null;
                }
                @Override
                public <T> T execute(HttpUriRequest request, ResponseHandler<? extends T> responseHandler,
                        HttpContext context) throws IOException {
                    return null;
                }
            };
            ResponseHandler<Object> handler = null;
            // Four overloads that take the tainted HttpHost directly.
            client.execute(host, req); // $ Alert
            client.execute(host, req, context); // $ Alert
            client.execute(host, req, handler); // $ Alert
            client.execute(host, req, handler, context); // $ Alert
            // Four overloads that take the HttpUriRequest whose URI embeds the tainted host.
            client.execute(uriReq); // $ Alert
            client.execute(uriReq, context); // $ Alert
            client.execute(uriReq, handler); // $ Alert
            client.execute(uriReq, handler, context); // $ Alert
        } catch (Exception e) {
            // Swallowed on purpose in this fixture, presumably so the calls above stay reachable
            // regardless of what the stubs do. Not a pattern to copy into production code.
            // TODO: handle exception
        }
    }
}