
Commit 4d5ec87

committed
Use InlineTest
1 parent 4bfd34b commit 4d5ec87


8 files changed

+60
-231
lines changed


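--- a/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql
@@ -11,10 +11,9 @@
 */
 
 import java
-import JexlInjectionLib
 import DataFlow::PathGraph
 import semmle.code.java.dataflow.FlowSources
-//import FlowUtils
+import semmle.code.java.security.JexlInjection
 
 /**
 * A taint-tracking configuration for unsafe user input
@@ -29,8 +28,7 @@ class JexlInjectionConfig extends TaintTracking::Configuration {
 override predicate isSink(DataFlow::Node sink) { sink instanceof JexlEvaluationSink }
 
 override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-any(JexlInjectionAdditionalTaintStep c).step(node1, node2) /*or
-hasGetterFlow(node1, node2)*/
+any(JexlInjectionAdditionalTaintStep c).step(node1, node2)
 }
 }
 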
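Review bot: The second hunk drops the commented-out `hasGetterFlow(node1, node2)` alternative from `isAdditionalTaintStep` without recording what now propagates taint through bean getters, so a source that reaches the sink only via a getter (the `data.getExpr()` pattern in the Jexl3Injection fixture in this same commit) depends entirely on `JexlInjectionAdditionalTaintStep` from the newly imported `semmle.code.java.security.JexlInjection`, whose steps are not visible here. If that library step does not include getter propagation, the request-body case will show up as a missing `$hasJexlInjection` result rather than as a documented gap, so a short why-comment on the predicate would make the contract explicit, e.g. `// Bean-getter propagation (formerly hasGetterFlow here) is expected from JexlInjectionAdditionalTaintStep; extend it in the library, not in this query`. The `JexlInjectionConfig` class begins before the hunk, so its `isSource` definition is not reviewed here.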
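--- a/java/ql/test/query-tests/security/CWE-094/Jexl2Injection.java
+++ b/java/ql/test/query-tests/security/CWE-094/Jexl2Injection.java
@@ -11,22 +11,21 @@ private static void runJexlExpression(String jexlExpr) {
 JexlEngine jexl = new JexlEngine();
 Expression e = jexl.createExpression(jexlExpr);
 JexlContext jc = new MapContext();
-e.evaluate(jc);
+e.evaluate(jc); // $hasJexlInjection
 }
 
 private static void runJexlExpressionWithJexlInfo(String jexlExpr) {
 JexlEngine jexl = new JexlEngine();
-Expression e = jexl.createExpression(
-jexlExpr, new DebugInfo("unknown", 0, 0));
+Expression e = jexl.createExpression(jexlExpr, new DebugInfo("unknown", 0, 0));
 JexlContext jc = new MapContext();
-e.evaluate(jc);
+e.evaluate(jc); // $hasJexlInjection
 }
 
 private static void runJexlScript(String jexlExpr) {
 JexlEngine jexl = new JexlEngine();
 Script script = jexl.createScript(jexlExpr);
 JexlContext jc = new MapContext();
-script.execute(jc);
+script.execute(jc); // $hasJexlInjection
 }
 
 private static void runJexlScriptViaCallable(String jexlExpr) {
@@ -35,38 +34,38 @@ private static void runJexlScriptViaCallable(String jexlExpr) {
 JexlContext jc = new MapContext();
 
 try {
-script.callable(jc).call();
+script.callable(jc).call(); // $hasJexlInjection
 } catch (Exception e) {
 throw new RuntimeException(e);
 }
 }
 
 private static void runJexlExpressionViaGetProperty(String jexlExpr) {
 JexlEngine jexl = new JexlEngine();
-jexl.getProperty(new Object(), jexlExpr);
+jexl.getProperty(new Object(), jexlExpr); // $hasJexlInjection
 }
 
 private static void runJexlExpressionViaSetProperty(String jexlExpr) {
 JexlEngine jexl = new JexlEngine();
-jexl.setProperty(new Object(), jexlExpr, new Object());
+jexl.setProperty(new Object(), jexlExpr, new Object()); // $hasJexlInjection
 }
 
 private static void runJexlExpressionViaUnifiedJEXLParseAndEvaluate(String jexlExpr) {
 JexlEngine jexl = new JexlEngine();
 UnifiedJEXL unifiedJEXL = new UnifiedJEXL(jexl);
-unifiedJEXL.parse(jexlExpr).evaluate(new MapContext());
+unifiedJEXL.parse(jexlExpr).evaluate(new MapContext()); // $hasJexlInjection
 }
 
 private static void runJexlExpressionViaUnifiedJEXLParseAndPrepare(String jexlExpr) {
 JexlEngine jexl = new JexlEngine();
 UnifiedJEXL unifiedJEXL = new UnifiedJEXL(jexl);
-unifiedJEXL.parse(jexlExpr).prepare(new MapContext());
+unifiedJEXL.parse(jexlExpr).prepare(new MapContext()); // $hasJexlInjection
 }
 
 private static void runJexlExpressionViaUnifiedJEXLTemplateEvaluate(String jexlExpr) {
 JexlEngine jexl = new JexlEngine();
 UnifiedJEXL unifiedJEXL = new UnifiedJEXL(jexl);
-unifiedJEXL.createTemplate(jexlExpr).evaluate(new MapContext(), new StringWriter());
+unifiedJEXL.createTemplate(jexlExpr).evaluate(new MapContext(), new StringWriter()); // $hasJexlInjection
 }
 
 private static void testWithSocket(Consumer<String> action) throws Exception {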
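Review bot: Every JEXL evaluation in this section is tagged `$hasJexlInjection`, but nothing visible here evaluates a constant or otherwise untainted expression without a tag, so the move to inline expectations (presumably InlineExpectationsTest, given the commit title) only guards against missing results and not against the query firing on every `evaluate`/`execute` call regardless of taint. A single untagged negative helper would close that gap, e.g. `private static void runConstantJexlExpression() { new JexlEngine().createExpression("1 + 1").evaluate(new MapContext()); }`, which the inline test would report as an unexpected result if the sink were flagged without a tainted source. The callers that supply the tainted `jexlExpr` (`testWithSocket` and the others) begin at or after the end of this hunk, so the source side is not reviewed here.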

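--- a/java/ql/test/query-tests/security/CWE-094/Jexl3Injection.java
+++ b/java/ql/test/query-tests/security/CWE-094/Jexl3Injection.java
@@ -18,21 +18,21 @@ private static void runJexlExpression(String jexlExpr) {
 JexlEngine jexl = new JexlBuilder().create();
 JexlExpression e = jexl.createExpression(jexlExpr);
 JexlContext jc = new MapContext();
-e.evaluate(jc);
+e.evaluate(jc); // $hasJexlInjection
 }
 
 private static void runJexlExpressionWithJexlInfo(String jexlExpr) {
 JexlEngine jexl = new JexlBuilder().create();
 JexlExpression e = jexl.createExpression(new JexlInfo("unknown", 0, 0), jexlExpr);
 JexlContext jc = new MapContext();
-e.evaluate(jc);
+e.evaluate(jc); // $hasJexlInjection
 }
 
 private static void runJexlScript(String jexlExpr) {
 JexlEngine jexl = new JexlBuilder().create();
 JexlScript script = jexl.createScript(jexlExpr);
 JexlContext jc = new MapContext();
-script.execute(jc);
+script.execute(jc); // $hasJexlInjection
 }
 
 private static void runJexlScriptViaCallable(String jexlExpr) {
@@ -41,38 +41,38 @@ private static void runJexlScriptViaCallable(String jexlExpr) {
 JexlContext jc = new MapContext();
 
 try {
-script.callable(jc).call();
+script.callable(jc).call(); // $hasJexlInjection
 } catch (Exception e) {
 throw new RuntimeException(e);
 }
 }
 
 private static void runJexlExpressionViaGetProperty(String jexlExpr) {
 JexlEngine jexl = new JexlBuilder().create();
-jexl.getProperty(new Object(), jexlExpr);
+jexl.getProperty(new Object(), jexlExpr); // $hasJexlInjection
 }
 
 private static void runJexlExpressionViaSetProperty(String jexlExpr) {
 JexlEngine jexl = new JexlBuilder().create();
-jexl.setProperty(new Object(), jexlExpr, new Object());
+jexl.setProperty(new Object(), jexlExpr, new Object()); // $hasJexlInjection
 }
 
 private static void runJexlExpressionViaJxltEngineExpressionEvaluate(String jexlExpr) {
 JexlEngine jexl = new JexlBuilder().create();
 JxltEngine jxlt = jexl.createJxltEngine();
-jxlt.createExpression(jexlExpr).evaluate(new MapContext());
+jxlt.createExpression(jexlExpr).evaluate(new MapContext()); // $hasJexlInjection
 }
 
 private static void runJexlExpressionViaJxltEngineExpressionPrepare(String jexlExpr) {
 JexlEngine jexl = new JexlBuilder().create();
 JxltEngine jxlt = jexl.createJxltEngine();
-jxlt.createExpression(jexlExpr).prepare(new MapContext());
+jxlt.createExpression(jexlExpr).prepare(new MapContext()); // $hasJexlInjection
 }
 
 private static void runJexlExpressionViaJxltEngineTemplateEvaluate(String jexlExpr) {
 JexlEngine jexl = new JexlBuilder().create();
 JxltEngine jxlt = jexl.createJxltEngine();
-jxlt.createTemplate(jexlExpr).evaluate(new MapContext(), new StringWriter());
+jxlt.createTemplate(jexlExpr).evaluate(new MapContext(), new StringWriter()); // $hasJexlInjection
 }
 
 private static void runJexlExpressionViaCallable(String jexlExpr) {
@@ -81,7 +81,7 @@ private static void runJexlExpressionViaCallable(String jexlExpr) {
 JexlContext jc = new MapContext();
 
 try {
-e.callable(jc).call();
+e.callable(jc).call(); // $hasJexlInjection
 } catch (Exception ex) {
 throw new RuntimeException(ex);
 }
@@ -141,16 +141,14 @@ public static void testWithJexlExpressionCallable() throws Exception {
 }
 
 @PostMapping("/request")
-public ResponseEntity testWithSpringControllerThatEvaluatesJexlFromPathVariable(
-@PathVariable String expr) {
+public ResponseEntity testWithSpringControllerThatEvaluatesJexlFromPathVariable(@PathVariable String expr) {
 
 runJexlExpression(expr);
 return ResponseEntity.ok(HttpStatus.OK);
 }
 
 @PostMapping("/request")
-public ResponseEntity testWithSpringControllerThatEvaluatesJexlFromRequestBody(
-@RequestBody Data data) {
+public ResponseEntity testWithSpringControllerThatEvaluatesJexlFromRequestBody(@RequestBody Data data) {
 
 String expr = data.getExpr();
 runJexlExpression(expr);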
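Review bot: The reformatted signature at new line 144 binds `@PathVariable String expr` under `@PostMapping("/request")`, a template with no `{expr}` placeholder, and the second handler at new line 151 reuses the identical `/request` mapping, so as real Spring code the first would fail path-variable resolution and the pair would be rejected as an ambiguous mapping, even though the fixture only needs them to act as remote-input sources for the query. Since the commit already rewrites these two lines, giving each handler a mapping consistent with its parameter costs nothing and keeps the fixture representative, e.g. `@PostMapping("/request/{expr}")` for the path-variable handler and `@PostMapping("/request-body")` for the request-body one; whether the query's source model keys on the annotation rather than the path is only checkable from `isSource` in JexlInjection.ql, not from this hunk. The request-body handler's body and the `Data` type continue past the end of the hunk.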
