
Commit 3d20330

More tests for RmiUnsafeDeserialization
1 parent ec6186a commit 3d20330


1 file changed

+35
-2
lines changed


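--- a/java/ql/test/experimental/query-tests/security/CWE-502/RmiUnsafeDeserialization.java
+++ b/java/ql/test/experimental/query-tests/security/CWE-502/RmiUnsafeDeserialization.java
@@ -1,3 +1,4 @@
+import java.io.ObjectInputStream;
 import java.rmi.Naming;
 import java.rmi.Remote;
 import java.rmi.RemoteException;
@@ -10,15 +11,47 @@ public class RmiUnsafeDeserialization {
 public static void testRegistryBindWithObjectParameter() throws Exception {
 Registry registry = LocateRegistry.createRegistry(1099);
 registry.bind("test", new RemoteObjectWithObject());
+registry.rebind("test", new RemoteObjectWithObject());
+}
+
+// GOOD (bind a remote object that has methods that takes safe parameters)
+public static void testRegistryBindWithIntParameter() throws Exception {
+Registry registry = LocateRegistry.createRegistry(1099);
+registry.bind("test", new SafeRemoteObject());
+registry.rebind("test", new SafeRemoteObject());
+}
+
+// BAD (bind a remote object that has a vulnerable method that takes Object)
+public static void testNamingBindWithObjectParameter() throws Exception {
+Naming.bind("test", new RemoteObjectWithObject());
+Naming.rebind("test", new RemoteObjectWithObject());
+}
+
+// GOOD (bind a remote object that has methods that takes safe parameters)
+public static void testNamingBindWithIntParameter() throws Exception {
+Naming.bind("test", new SafeRemoteObject());
+Naming.rebind("test", new SafeRemoteObject());
 }
 }
 
 interface RemoteObjectWithObjectInterface extends Remote {
-
 void take(Object obj) throws RemoteException;
 }
 
 class RemoteObjectWithObject implements RemoteObjectWithObjectInterface {
-
 public void take(Object obj) throws RemoteException {}
 }
+
+interface SafeRemoteObjectInterface extends Remote {
+void take(int n) throws RemoteException;
+void take(double n) throws RemoteException;
+void take(String s) throws RemoteException;
+void take(ObjectInputStream ois) throws RemoteException;
+}
+
+class SafeRemoteObject implements SafeRemoteObjectInterface {
+public void take(int n) throws RemoteException {}
+public void take(double n) throws RemoteException {}
+public void take(String s) throws RemoteException {}
+public void take(ObjectInputStream ois) throws RemoteException {}
+}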
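Review bot: The GOOD fixture `SafeRemoteObjectInterface` lists `take(ObjectInputStream ois)` alongside the primitive and String overloads without saying why it is safe; `ObjectInputStream` is not `Serializable`, so such a parameter can never be marshalled over RMI, and the expected non-alert there presumably exercises a type-based exclusion in the query rather than a genuinely safe deserialization path. A one-line comment would keep that overload from being read as a recommendation, e.g. `// ObjectInputStream is not Serializable, so RMI cannot marshal it; pins the query's exclusion for non-deserializable parameter types`. The `String` overload deserves a similar caveat: I believe its safety rests on the RMI runtime reading String arguments with a typed `readString` instead of `readObject`, which only holds on patched JDKs (8u241/11.0.6/13 and later, if I recall correctly), so the GOOD comment should state which assumption the query makes. Minor: `testRegistryBindWithIntParameter` and `testNamingBindWithIntParameter` bind an object with int, double, String and stream overloads, so `...WithSafeParameters` would describe them more accurately.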
