Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit ee872f1

Browse files
smowtonsmowton
committed
Add missing tests, add additional models revealed missing in the process, and add stubs to support them all.
1 parent 49bbfc3 commit ee872f1

16 files changed

Lines changed: 1704 additions & 9 deletions

File tree

java/ql/src/semmle/code/java/frameworks/ApacheHttp.qll

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -118,7 +118,9 @@ private class ApacheHttpOpenUrlSink extends SinkModelCsv {
118118
"org.apache.http.client.methods;RequestBuilder;false;put;;;Argument[0];open-url",
119119
"org.apache.http.client.methods;RequestBuilder;false;options;;;Argument[0];open-url",
120120
"org.apache.http.client.methods;RequestBuilder;false;head;;;Argument[0];open-url",
121-
"org.apache.http.client.methods;RequestBuilder;false;delete;;;Argument[0];open-url"
121+
"org.apache.http.client.methods;RequestBuilder;false;delete;;;Argument[0];open-url",
122+
"org.apache.http.client.methods;RequestBuilder;false;trace;;;Argument[0];open-url",
123+
"org.apache.http.client.methods;RequestBuilder;false;patch;;;Argument[0];open-url"
122124
]
123125
}
124126
}

java/ql/src/semmle/code/java/frameworks/spring/SpringWebClient.qll

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -33,16 +33,19 @@ private class UrlOpenSink extends SinkModelCsv {
3333
override predicate row(string row) {
3434
row =
3535
[
36+
"org.springframework.web.client;RestTemplate;false;delete;;;Argument[0];open-url",
3637
"org.springframework.web.client;RestTemplate;false;doExecute;;;Argument[0];open-url",
37-
"org.springframework.web.client;RestTemplate;false;postForEntity;;;Argument[0];open-url",
38-
"org.springframework.web.client;RestTemplate;false;postForLocation;;;Argument[0];open-url",
39-
"org.springframework.web.client;RestTemplate;false;postForObject;;;Argument[0];open-url",
40-
"org.springframework.web.client;RestTemplate;false;put;;;Argument[0];open-url",
4138
"org.springframework.web.client;RestTemplate;false;exchange;;;Argument[0];open-url",
4239
"org.springframework.web.client;RestTemplate;false;execute;;;Argument[0];open-url",
4340
"org.springframework.web.client;RestTemplate;false;getForEntity;;;Argument[0];open-url",
4441
"org.springframework.web.client;RestTemplate;false;getForObject;;;Argument[0];open-url",
45-
"org.springframework.web.client;RestTemplate;false;patchForObject;;;Argument[0];open-url"
42+
"org.springframework.web.client;RestTemplate;false;headForHeaders;;;Argument[0];open-url",
43+
"org.springframework.web.client;RestTemplate;false;optionsForAllow;;;Argument[0];open-url",
44+
"org.springframework.web.client;RestTemplate;false;patchForObject;;;Argument[0];open-url",
45+
"org.springframework.web.client;RestTemplate;false;postForEntity;;;Argument[0];open-url",
46+
"org.springframework.web.client;RestTemplate;false;postForLocation;;;Argument[0];open-url",
47+
"org.springframework.web.client;RestTemplate;false;postForObject;;;Argument[0];open-url",
48+
"org.springframework.web.client;RestTemplate;false;put;;;Argument[0];open-url"
4649
]
4750
}
4851
}

java/ql/test/query-tests/security/CWE-918/RequestForgery2.java

Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,17 @@
77
import java.io.InputStream;
88

99
import org.apache.http.client.methods.HttpGet;
10+
import org.apache.http.client.methods.HttpPost;
11+
import org.apache.http.client.methods.HttpPut;
12+
import org.apache.http.client.methods.HttpDelete;
13+
import org.apache.http.client.methods.HttpHead;
14+
import org.apache.http.client.methods.HttpOptions;
15+
import org.apache.http.client.methods.HttpTrace;
16+
import org.apache.http.client.methods.HttpPatch;
17+
import org.apache.http.client.methods.RequestBuilder;
18+
import org.apache.http.message.BasicHttpRequest;
19+
import org.apache.http.message.BasicHttpEntityEnclosingRequest;
20+
import org.apache.http.message.BasicRequestLine;
1021
import javax.servlet.ServletException;
1122
import javax.servlet.http.HttpServlet;
1223
import javax.servlet.http.HttpServletRequest;
@@ -67,6 +78,33 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
6778
HttpGet httpGet = new HttpGet(uri);
6879
HttpGet httpGet2 = new HttpGet();
6980
httpGet2.setURI(uri2);
81+
82+
new HttpHead(uri);
83+
new HttpPost(uri);
84+
new HttpPut(uri);
85+
new HttpDelete(uri);
86+
new HttpOptions(uri);
87+
new HttpTrace(uri);
88+
new HttpPatch(uri);
89+
90+
new BasicHttpRequest(new BasicRequestLine("GET", uri2.toString(), null));
91+
new BasicHttpRequest("GET", uri2.toString());
92+
new BasicHttpRequest("GET", uri2.toString(), null);
93+
94+
new BasicHttpEntityEnclosingRequest(new BasicRequestLine("GET", uri2.toString(), null));
95+
new BasicHttpEntityEnclosingRequest("GET", uri2.toString());
96+
new BasicHttpEntityEnclosingRequest("GET", uri2.toString(), null);
97+
98+
RequestBuilder.get(uri2);
99+
RequestBuilder.post(uri2);
100+
RequestBuilder.put(uri2);
101+
RequestBuilder.delete(uri2);
102+
RequestBuilder.options(uri2);
103+
RequestBuilder.head(uri2);
104+
RequestBuilder.trace(uri2);
105+
RequestBuilder.patch(uri2);
106+
RequestBuilder.get("").setUri(uri2);
107+
70108
} catch (Exception e) {
71109
// TODO: handle exception
72110
}

java/ql/test/query-tests/security/CWE-918/SpringSSRF.java

Lines changed: 29 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,4 @@
1+
import org.springframework.util.MultiValueMap;
12
import org.springframework.web.client.RestTemplate;
23
import org.springframework.http.RequestEntity;
34
import org.springframework.http.ResponseEntity;
@@ -41,14 +42,22 @@ protected void doGet(HttpServletRequest request2, HttpServletResponse response2)
4142
restTemplate.execute(fooResourceUrl, HttpMethod.POST, null, null, "test");
4243
}
4344
{
44-
ResponseEntity<String> response =
45-
restTemplate.getForEntity(fooResourceUrl, String.class, "test");
45+
String response =
46+
restTemplate.getForObject(fooResourceUrl, String.class, "test");
4647
}
4748
{
4849
String body = new String("body");
50+
URI uri = new URI(fooResourceUrl);
4951
RequestEntity<String> requestEntity =
50-
RequestEntity.post(new URI(fooResourceUrl)).body(body);
52+
RequestEntity.post(uri).body(body);
5153
ResponseEntity<String> response = restTemplate.exchange(requestEntity, String.class);
54+
RequestEntity.get(uri);
55+
RequestEntity.put(uri);
56+
RequestEntity.delete(uri);
57+
RequestEntity.options(uri);
58+
RequestEntity.patch(uri);
59+
RequestEntity.head(uri);
60+
RequestEntity.method(null, uri);
5261
}
5362
{
5463
String response = restTemplate.patchForObject(fooResourceUrl, new String("object"),
@@ -68,6 +77,23 @@ protected void doGet(HttpServletRequest request2, HttpServletResponse response2)
6877
{
6978
restTemplate.put(fooResourceUrl, new String("object"));
7079
}
80+
{
81+
URI uri = new URI(fooResourceUrl);
82+
MultiValueMap<String, String> headers = null;
83+
java.lang.reflect.Type type = null;
84+
new RequestEntity<String>(null, uri);
85+
new RequestEntity<String>(headers, null, uri);
86+
new RequestEntity<String>("body", null, uri);
87+
new RequestEntity<String>("body", headers, null, uri);
88+
new RequestEntity<String>("body", null, uri, type);
89+
new RequestEntity<String>("body", headers, null, uri, type);
90+
}
91+
{
92+
URI uri = new URI(fooResourceUrl);
93+
restTemplate.delete(uri);
94+
restTemplate.headForHeaders(uri);
95+
restTemplate.optionsForAllow(uri);
96+
}
7197
} catch (org.springframework.web.client.RestClientException | java.net.URISyntaxException e) {}
7298
}
7399
}

java/ql/test/stubs/apache-http-4.4.13/org/apache/http/Contract.java

Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,45 @@
1+
/*
2+
* ====================================================================
3+
* Licensed to the Apache Software Foundation (ASF) under one
4+
* or more contributor license agreements. See the NOTICE file
5+
* distributed with this work for additional information
6+
* regarding copyright ownership. The ASF licenses this file
7+
* to you under the Apache License, Version 2.0 (the
8+
* "License"); you may not use this file except in compliance
9+
* with the License. You may obtain a copy of the License at
10+
*
11+
* http://www.apache.org/licenses/LICENSE-2.0
12+
*
13+
* Unless required by applicable law or agreed to in writing,
14+
* software distributed under the License is distributed on an
15+
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16+
* KIND, either express or implied. See the License for the
17+
* specific language governing permissions and limitations
18+
* under the License.
19+
* ====================================================================
20+
*
21+
* This software consists of voluntary contributions made by many
22+
* individuals on behalf of the Apache Software Foundation. For more
23+
* information on the Apache Software Foundation, please see
24+
* <http://www.apache.org/>.
25+
*
26+
*/
27+
package org.apache.http.annotation;
28+
29+
import java.lang.annotation.Documented;
30+
import java.lang.annotation.ElementType;
31+
import java.lang.annotation.Retention;
32+
import java.lang.annotation.RetentionPolicy;
33+
import java.lang.annotation.Target;
34+
35+
/**
36+
* This annotation defines behavioral contract enforced at runtime by instances of annotated classes.
37+
*/
38+
@Documented
39+
@Target(ElementType.TYPE)
40+
@Retention(RetentionPolicy.CLASS)
41+
public @interface Contract {
42+
43+
ThreadingBehavior threading() default ThreadingBehavior.UNSAFE;
44+
45+
}

0 commit comments

Comments
 (0)