import com.google.gson.Gson;
/**
 * Taint-flow test fixture for Gson deserialization.
 *
 * <p>A string obtained from {@link #source()} is deserialized with
 * {@code new Gson().fromJson(...)} and the resulting object, its getters, its
 * nested object and its {@code Object}-typed field are each passed to
 * {@link #sink(Object)}. Every sink call carries a trailing
 * {@code // $ hasTaintFlow} comment.
 *
 * <p>NOTE(review): those trailing comments look like inline expectations read
 * by a taint-tracking test harness, so they are kept verbatim and on the same
 * line as the call they annotate. Confirm against the harness before moving or
 * rewording them.
 *
 * <p>Security relevance: every field of an object built from JSON is chosen by
 * whoever supplied the JSON, so an analysis (and a reviewer) has to treat the
 * whole object graph as untrusted, not just the raw input string.
 */
public class Test {
    /**
     * Deserialization target with a scalar field, a self-typed nested field and
     * an {@code Object}-typed field, each exposed through a getter.
     */
    public static class Potato {
        // String field, read through getName().
        private String name;
        // Nested object of the same type, read through getInner().
        private Potato inner;
        // Field whose static type is Object, read through getObject().
        private Object object;

        /** Returns the {@code name} field. */
        private String getName() {
            return name;
        }

        /** Returns the nested {@code inner} object. */
        private Potato getInner() {
            return inner;
        }

        /** Returns the {@code object} field. */
        private Object getObject() {
            return object;
        }
    }

    /**
     * Stand-in for an untrusted input; the body only returns an empty string.
     *
     * @return the empty string
     */
    public static String source() {
        return "";
    }

    /**
     * Stand-in for a sensitive operation; the body is intentionally empty.
     *
     * @param any value whose arrival at this call is what the test observes
     */
    public static void sink(Object any) {}

    /**
     * Deserializes the value from {@link #source()} into a {@link Potato} and
     * passes the object and each value reachable from it to {@link #sink(Object)}.
     *
     * <p>NOTE(review): this appears to be written for static analysis rather
     * than execution; {@code source()} returns an empty string and the chained
     * getter calls below have no null checks.
     *
     * @throws Exception declared by the signature; nothing in the body throws a
     *     checked exception explicitly
     */
    public static void gsonfromJson() throws Exception {
        String s = source();
        // The deserialized object is built entirely from the source string.
        Potato tainted = new Gson().fromJson(s, Potato.class);
        // The object itself.
        sink(tainted); // $ hasTaintFlow
        // A String field read through its getter.
        sink(tainted.getName()); // $ hasTaintFlow
        // The nested object.
        sink(tainted.getInner()); // $ hasTaintFlow
        // A field of the nested object, i.e. two getter steps from the root.
        sink(tainted.getInner().getName()); // $ hasTaintFlow
        // The Object-typed field.
        sink(tainted.getObject()); // $ hasTaintFlow
    }
}