Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit fb3e56e

Browse files
atorralbaatorralba
committed
Fix imports and stubs so that tests pass
1 parent a629974 commit fb3e56e

5 files changed

Lines changed: 74 additions & 26 deletions

File tree

java/change-notes/2021-04-26-xpath-injection-query.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
lgtm,codescanning
2+
* The query "XPath injection" (`java/xml/xpath-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @SpaceWhite](https://github.com/github/codeql/pull/2800)

java/ql/src/semmle/code/java/security/XPath.qll

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ class XPath extends RefType {
1313
XPath() { this.hasQualifiedName("javax.xml.xpath", "XPath") }
1414
}
1515

16-
/** A call to `XPath.Evaluate` or `XPath.compile` */
16+
/** A call to `XPath.evaluate` or `XPath.compile` */
1717
class XPathEvaluateOrCompile extends XPathSink {
1818
XPathEvaluateOrCompile() {
1919
exists(Method m | this.getMethod() = m and m.getDeclaringType() instanceof XPath |
@@ -24,9 +24,13 @@ class XPathEvaluateOrCompile extends XPathSink {
2424
override Expr getSink() { result = this.getArgument(0) }
2525
}
2626

27-
/** The class `org.dom4j.Node` */
27+
/** Any class extending or implementing `org.dom4j.Node` */
2828
class Dom4JNode extends RefType {
29-
Dom4JNode() { this.hasQualifiedName("org.dom4j", "Node") }
29+
Dom4JNode() {
30+
exists(Interface node | node.hasQualifiedName("org.dom4j", "Node") |
31+
this.extendsOrImplements*(node)
32+
)
33+
}
3034
}
3135

3236
/** A call to `Node.selectNodes` or `Node.selectSingleNode` */

java/ql/test/experimental/query-tests/security/CWE-643/A.java

Lines changed: 10 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -1,22 +1,16 @@
1-
import org.w3c.dom.Document;
2-
import org.xml.sax.InputSource;
3-
import org.xml.sax.SAXException;
1+
import java.io.ByteArrayInputStream;
2+
import java.io.StringReader;
43

4+
import javax.servlet.http.HttpServletRequest;
55
import javax.xml.parsers.DocumentBuilder;
66
import javax.xml.parsers.DocumentBuilderFactory;
7-
import javax.xml.parsers.ParserConfigurationException;
87
import javax.xml.xpath.XPath;
98
import javax.xml.xpath.XPathConstants;
109
import javax.xml.xpath.XPathExpression;
11-
import javax.xml.xpath.XPathExpressionException;
1210
import javax.xml.xpath.XPathFactory;
1311

14-
import java.io.BufferedInputStream;
15-
import java.io.ByteArrayInputStream;
16-
import java.io.InputStream;
17-
import java.io.StringReader;
18-
19-
import javax.servlet.http.HttpServletRequest;
12+
import org.w3c.dom.Document;
13+
import org.xml.sax.InputSource;
2014

2115
public class A {
2216
public void handle(HttpServletRequest request) throws Exception {
@@ -34,17 +28,13 @@ public void handle(HttpServletRequest request) throws Exception {
3428
String user = request.getParameter("user");
3529
String pass = request.getParameter("pass");
3630
if (user != null && pass != null) {
37-
boolean isExist = false;
38-
3931
// Bad expression
4032
String expression1 = "/users/user[@name='" + user + "' and @pass='" + pass + "']";
41-
isExist = (boolean) xpath.evaluate(expression1, doc, XPathConstants.BOOLEAN); // $hasXPathInjection
42-
System.out.println(isExist);
33+
xpath.evaluate(expression1, doc, XPathConstants.BOOLEAN); // $hasXPathInjection
4334

4435
// Bad expression
4536
XPathExpression expression2 = xpath.compile("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
46-
isExist = (boolean) expression2.evaluate(doc, XPathConstants.BOOLEAN);
47-
System.out.println(isExist);
37+
expression2.evaluate(doc, XPathConstants.BOOLEAN);
4838

4939
// Bad expression
5040
StringBuffer sb = new StringBuffer("/users/user[@name=");
@@ -54,8 +44,7 @@ public void handle(HttpServletRequest request) throws Exception {
5444
sb.append("']");
5545
String query = sb.toString();
5646
XPathExpression expression3 = xpath.compile(query); // $hasXPathInjection
57-
isExist = (boolean) expression3.evaluate(doc, XPathConstants.BOOLEAN);
58-
System.out.println(isExist);
47+
expression3.evaluate(doc, XPathConstants.BOOLEAN);
5948

6049
// Good expression
6150
String expression4 = "/users/user[@name=$user and @pass=$pass]";
@@ -69,13 +58,12 @@ public void handle(HttpServletRequest request) throws Exception {
6958
throw new IllegalArgumentException();
7059
}
7160
});
72-
isExist = (boolean) xpath.evaluate(expression4, doc, XPathConstants.BOOLEAN);
73-
System.out.println(isExist);
61+
xpath.evaluate(expression4, doc, XPathConstants.BOOLEAN); // Safe
7462

7563
// Bad Dom4j
7664
org.dom4j.io.SAXReader reader = new org.dom4j.io.SAXReader();
7765
org.dom4j.Document document = reader.read(new ByteArrayInputStream(xmlStr.getBytes()));
78-
isExist = document.selectSingleNode("/users/user[@name='" + user + "' and @pass='" + pass + "']") // $hasXPathInjection
66+
document.selectSingleNode("/users/user[@name='" + user + "' and @pass='" + pass + "']") // $hasXPathInjection
7967
.hasContent();
8068
document.selectNodes("/users/user[@name='" + user + "' and @pass='" + pass + "']"); // $hasXPathInjection
8169
}

java/ql/test/stubs/dom4j-2.1.1/org/dom4j/Branch.java

Lines changed: 54 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,54 @@
1+
/*
2+
* Copyright 2001-2005 (C) MetaStuff, Ltd. All Rights Reserved.
3+
*
4+
* This software is open source.
5+
* See the bottom of this file for the licence.
6+
*/
7+
8+
/*
9+
* Adapted from DOM4J version 2.1.1 as available at
10+
* https://search.maven.org/remotecontent?filepath=org/dom4j/dom4j/2.1.1/dom4j-2.1.1-sources.jar
11+
* Only relevant stubs of this file have been retained for test purposes.
12+
*/
13+
14+
package org.dom4j;
15+
16+
public interface Branch extends Node {
17+
}
18+
19+
/*
20+
* Redistribution and use of this software and associated documentation
21+
* ("Software"), with or without modification, are permitted provided that the
22+
* following conditions are met:
23+
*
24+
* 1. Redistributions of source code must retain copyright statements and
25+
* notices. Redistributions must also contain a copy of this document.
26+
*
27+
* 2. Redistributions in binary form must reproduce the above copyright notice,
28+
* this list of conditions and the following disclaimer in the documentation
29+
* and/or other materials provided with the distribution.
30+
*
31+
* 3. The name "DOM4J" must not be used to endorse or promote products derived
32+
* from this Software without prior written permission of MetaStuff, Ltd. For
33+
* written permission, please contact [email protected].
34+
*
35+
* 4. Products derived from this Software may not be called "DOM4J" nor may
36+
* "DOM4J" appear in their names without prior written permission of MetaStuff,
37+
* Ltd. DOM4J is a registered trademark of MetaStuff, Ltd.
38+
*
39+
* 5. Due credit should be given to the DOM4J Project - http://www.dom4j.org
40+
*
41+
* THIS SOFTWARE IS PROVIDED BY METASTUFF, LTD. AND CONTRIBUTORS ``AS IS'' AND
42+
* ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43+
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44+
* ARE DISCLAIMED. IN NO EVENT SHALL METASTUFF, LTD. OR ITS CONTRIBUTORS BE
45+
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
46+
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
47+
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
48+
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
49+
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50+
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
51+
* POSSIBILITY OF SUCH DAMAGE.
52+
*
53+
* Copyright 2001-2005 (C) MetaStuff, Ltd. All Rights Reserved.
54+
*/

java/ql/test/stubs/dom4j-2.1.1/org/dom4j/Document.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@
1515

1616
import java.util.List;
1717

18-
public interface Document {
18+
public interface Document extends Branch {
1919

2020
public Node selectSingleNode(String xpathExpression);
2121

0 commit comments

Comments
 (0)