Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit e311155

Browse files
atorralbaatorralba
committed
Use InlineExpectationsTest
1 parent b68e666 commit e311155

9 files changed

Lines changed: 54 additions & 207 deletions

java/ql/test/query-tests/security/CWE-094/FreemarkerSSTI.java

Lines changed: 17 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -23,8 +23,7 @@ public void bad1(HttpServletRequest request) {
2323
String code = request.getParameter("code");
2424
Reader reader = new StringReader(code);
2525

26-
// Template(java.lang.String name, java.io.Reader reader)
27-
Template t = new Template(name, reader);
26+
Template t = new Template(name, reader); // $hasTemplateInjection
2827
}
2928

3029
@GetMapping(value = "bad2")
@@ -33,9 +32,8 @@ public void bad2(HttpServletRequest request) {
3332
String code = request.getParameter("code");
3433
Reader reader = new StringReader(code);
3534
Configuration cfg = new Configuration();
36-
37-
// Template(java.lang.String name, java.io.Reader reader, Configuration cfg)
38-
Template t = new Template(name, reader, cfg);
35+
36+
Template t = new Template(name, reader, cfg); // $hasTemplateInjection
3937
}
4038

4139
@GetMapping(value = "bad3")
@@ -45,9 +43,7 @@ public void bad3(HttpServletRequest request) {
4543
Reader reader = new StringReader(code);
4644
Configuration cfg = new Configuration();
4745

48-
// Template(java.lang.String name, java.io.Reader reader, Configuration cfg,
49-
// java.lang.String encoding)
50-
Template t = new Template(name, reader, cfg, "UTF-8");
46+
Template t = new Template(name, reader, cfg, "UTF-8"); // $hasTemplateInjection
5147
}
5248

5349
@GetMapping(value = "bad4")
@@ -56,9 +52,7 @@ public void bad4(HttpServletRequest request) {
5652
String sourceCode = request.getParameter("sourceCode");
5753
Configuration cfg = new Configuration();
5854

59-
// Template(java.lang.String name, java.lang.String sourceCode, Configuration
60-
// cfg)
61-
Template t = new Template(name, sourceCode, cfg);
55+
Template t = new Template(name, sourceCode, cfg); // $hasTemplateInjection
6256
}
6357

6458
@GetMapping(value = "bad5")
@@ -68,9 +62,7 @@ public void bad5(HttpServletRequest request) {
6862
Configuration cfg = new Configuration();
6963
Reader reader = new StringReader(code);
7064

71-
// Template(java.lang.String name, java.lang.String sourceName, java.io.Reader
72-
// reader, Configuration cfg)
73-
Template t = new Template(name, sourceName, reader, cfg);
65+
Template t = new Template(name, sourceName, reader, cfg); // $hasTemplateInjection
7466
}
7567

7668
@GetMapping(value = "bad6")
@@ -81,10 +73,8 @@ public void bad6(HttpServletRequest request) {
8173
ParserConfiguration customParserConfiguration = new Configuration();
8274
Reader reader = new StringReader(code);
8375

84-
// Template(java.lang.String name, java.lang.String sourceName, java.io.Reader
85-
// reader, Configuration cfg, ParserConfiguration customParserConfiguration,
86-
// java.lang.String encoding)
87-
Template t = new Template(name, sourceName, reader, cfg, customParserConfiguration, "UTF-8");
76+
Template t =
77+
new Template(name, sourceName, reader, cfg, customParserConfiguration, "UTF-8"); // $hasTemplateInjection
8878
}
8979

9080
@GetMapping(value = "bad7")
@@ -95,38 +85,33 @@ public void bad7(HttpServletRequest request) {
9585
ParserConfiguration customParserConfiguration = new Configuration();
9686
Reader reader = new StringReader(code);
9787

98-
// Template(java.lang.String name, java.lang.String sourceName, java.io.Reader
99-
// reader, Configuration cfg, java.lang.String encoding)
100-
Template t = new Template(name, sourceName, reader, cfg, "UTF-8");
88+
Template t = new Template(name, sourceName, reader, cfg, "UTF-8"); // $hasTemplateInjection
10189
}
10290

10391
@GetMapping(value = "bad8")
10492
public void bad8(HttpServletRequest request) {
10593
String code = request.getParameter("code");
10694
StringTemplateLoader stringLoader = new StringTemplateLoader();
10795

108-
// void putTemplate(java.lang.String name, java.lang.String templateContent)
109-
stringLoader.putTemplate("myTemplate", code);
96+
stringLoader.putTemplate("myTemplate", code); // $hasTemplateInjection
11097
}
11198

11299
@GetMapping(value = "bad9")
113100
public void bad9(HttpServletRequest request) {
114101
String code = request.getParameter("code");
115102
StringTemplateLoader stringLoader = new StringTemplateLoader();
116-
117-
// void putTemplate(java.lang.String name, java.lang.String templateContent,
118-
// long lastModified)
119-
stringLoader.putTemplate("myTemplate", code, 0);
103+
104+
stringLoader.putTemplate("myTemplate", code, 0); // $hasTemplateInjection
120105
}
121106

122107
@GetMapping(value = "bad10")
123108
public void bad10(HttpServletRequest request) {
124-
HashMap<Object,Object> root = new HashMap();
109+
HashMap<Object, Object> root = new HashMap();
125110
String code = request.getParameter("code");
126-
root.put("code", code);
111+
root.put("code", code);
127112
Configuration cfg = new Configuration();
128-
Template temp = cfg.getTemplate("test.ftlh");
129-
OutputStreamWriter out = new OutputStreamWriter(System.out);
130-
temp.process(root, out);
113+
Template temp = cfg.getTemplate("test.ftlh");
114+
OutputStreamWriter out = new OutputStreamWriter(System.out);
115+
temp.process(root, out); // $hasTemplateInjection
131116
}
132117
}

java/ql/test/query-tests/security/CWE-094/JinJavaSSTI.java

Lines changed: 3 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -21,17 +21,15 @@ public void bad1(HttpServletRequest request) {
2121
String template = request.getParameter("template");
2222
Jinjava jinjava = new Jinjava();
2323
Map<String, Object> context = new HashMap<>();
24-
// String render(String template, Map<String, ?> bindings)
25-
String renderedTemplate = jinjava.render(template, context);
24+
String renderedTemplate = jinjava.render(template, context); // $hasTemplateInjection
2625
}
2726

2827
@GetMapping(value = "bad2")
2928
public void bad2(HttpServletRequest request) {
3029
String template = request.getParameter("template");
3130
Jinjava jinjava = new Jinjava();
3231
Map<String, Object> bindings = new HashMap<>();
33-
// RenderResult renderForResult (String template, Map<String, ?> bindings)
34-
RenderResult renderResult = jinjava.renderForResult(template, bindings);
32+
RenderResult renderResult = jinjava.renderForResult(template, bindings); // $hasTemplateInjection
3533
}
3634

3735
@GetMapping(value = "bad3")
@@ -41,8 +39,6 @@ public void bad3(HttpServletRequest request) {
4139
Map<String, Object> bindings = new HashMap<>();
4240
JinjavaConfig renderConfig = new JinjavaConfig();
4341

44-
// RenderResult renderForResult (String template, Map<String, ?> bindings,
45-
// JinjavaConfig renderConfig)
46-
RenderResult renderResult = jinjava.renderForResult(template, bindings, renderConfig);
42+
RenderResult renderResult = jinjava.renderForResult(template, bindings, renderConfig); // $hasTemplateInjection
4743
}
4844
}

java/ql/test/query-tests/security/CWE-094/PebbleSSTI.java

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -17,14 +17,15 @@ public class PebbleSSTI {
1717
public void bad1(HttpServletRequest request) {
1818
String code = request.getParameter("code");
1919
PebbleEngine engine = new PebbleEngine.Builder().build();
20-
// public PebbleTemplate getTemplate(String templateName)
21-
PebbleTemplate compiledTemplate = engine.getTemplate(code);
20+
// public PebbleTemplate getTemplate(String templateName)
21+
PebbleTemplate compiledTemplate = engine.getTemplate(code); // $hasTemplateInjection
2222
}
23+
2324
@GetMapping(value = "bad2")
2425
public void bad2(HttpServletRequest request) {
2526
String code = request.getParameter("code");
2627
PebbleEngine engine = new PebbleEngine.Builder().build();
27-
// public PebbleTemplate getLiteralTemplate(String templateName)
28-
PebbleTemplate compiledTemplate = engine.getLiteralTemplate(code);
28+
// public PebbleTemplate getLiteralTemplate(String templateName)
29+
PebbleTemplate compiledTemplate = engine.getLiteralTemplate(code); // $hasTemplateInjection
2930
}
3031
}

0 commit comments

Comments
 (0)