Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit fd533f2

Browse files
luchua-bcluchua-bc
committed
Remove the same callable constraint
1 parent 2b5982f commit fd533f2

2 files changed

Lines changed: 9 additions & 10 deletions

File tree

java/ql/src/experimental/Security/CWE/CWE-073/JFinalController.qll

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -50,8 +50,7 @@ private class SetToGetAttributeStep extends AdditionalValueStep {
5050
sma.getMethod() instanceof SetRequestAttributeMethod
5151
) and
5252
gma.getArgument(0).(CompileTimeConstantExpr).getStringValue() =
53-
sma.getArgument(0).(CompileTimeConstantExpr).getStringValue() and
54-
gma.getEnclosingCallable() = sma.getEnclosingCallable()
53+
sma.getArgument(0).(CompileTimeConstantExpr).getStringValue()
5554
|
5655
pred.asExpr() = sma.getArgument(1) and
5756
succ.asExpr() = gma

java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.java

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -85,8 +85,8 @@ public void uploadFile3() throws IOException {
8585
// BAD: Upload file to user specified path without validation through request attribute
8686
public void uploadFile4() throws IOException {
8787
String savePath = getPara("dir");
88-
setAttr("uploadDir", savePath);
89-
String requestUploadDir = getAttr("uploadDir");
88+
setAttr("uploadDir2", savePath);
89+
String requestUploadDir = getAttr("uploadDir2");
9090

9191
File file = getFile("fileParam").getFile();
9292
String finalFilePath = BASE_PATH + requestUploadDir;
@@ -108,8 +108,8 @@ public void uploadFile4() throws IOException {
108108
// BAD: Upload file to user specified path without validation through session object (not detected)
109109
public void uploadFile5() throws IOException {
110110
String savePath = getPara("dir");
111-
getSession().setAttribute("uploadDir", savePath);
112-
String sessionUploadDir = getSessionAttr("uploadDir");
111+
getSession().setAttribute("uploadDir3", savePath);
112+
String sessionUploadDir = getSessionAttr("uploadDir3");
113113

114114
File file = getFile("fileParam").getFile();
115115
String finalFilePath = BASE_PATH + sessionUploadDir;
@@ -130,8 +130,8 @@ public void uploadFile5() throws IOException {
130130

131131
// GOOD: Upload file to a system path from a request object
132132
public void uploadFile6() throws IOException {
133-
setAttr("uploadDir", "/data/upload_dir/");
134-
String requestUploadDir = getAttr("uploadDir");
133+
setAttr("uploadDir4", "/data/upload_dir/");
134+
String requestUploadDir = getAttr("uploadDir4");
135135

136136
File file = getFile("fileParam").getFile();
137137
String finalFilePath = BASE_PATH + requestUploadDir;
@@ -153,9 +153,9 @@ public void uploadFile6() throws IOException {
153153
// GOOD: Upload file to a system path from a request object
154154
public void uploadFile7() throws IOException {
155155
String savePath = getPara("dir");
156-
setAttr("uploadDir", savePath);
156+
setAttr("uploadDir5", savePath);
157157
setAttr("realUploadDir", "/data/upload_dir/");
158-
String requestUploadDir = getAttr("realUploadDir");
158+
String requestUploadDir = getAttr("realUploadDir5");
159159

160160
File file = getFile("fileParam").getFile();
161161
String finalFilePath = BASE_PATH + requestUploadDir;

0 commit comments

Comments
 (0)