Skip to content

Commit e0a7f6e

Browse files
smowtonsmowton
committed
Fix URLClassLoader test
1 parent 44e8dd9 commit e0a7f6e

File tree

1 file changed

+10
-9
lines changed

1 file changed

+10
-9
lines changed

java/ql/test/query-tests/security/CWE-918/URLClassLoaderSSRF.java

Lines changed: 10 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@
66
import java.net.URI;
77
import java.net.URL;
88
import java.net.URLClassLoader;
9+
import java.net.URLStreamHandlerFactory;
910

1011
public class URLClassLoaderSSRF extends HttpServlet {
1112

@@ -39,7 +40,7 @@ protected void doPut(HttpServletRequest request, HttpServletResponse response)
3940
String url = request.getParameter("uri");
4041
URI uri = new URI(url);
4142

42-
URLStreamHandlerFactory urlStreamHandlerFactory = TomcatURLStreamHandlerFactory.getInstance();
43+
URLStreamHandlerFactory urlStreamHandlerFactory = null;
4344
URLClassLoader urlClassLoader = new URLClassLoader(new URL[]{uri.toURL()}, URLClassLoaderSSRF.class.getClassLoader(), urlStreamHandlerFactory); // $ SSRF
4445
urlClassLoader.findResource("test");
4546
} catch (Exception e) {
@@ -64,11 +65,11 @@ protected void doOptions(HttpServletRequest request, HttpServletResponse respons
6465
try {
6566
String url = request.getParameter("uri");
6667
URI uri = new URI(url);
67-
URLClassLoader urlClassLoader =
68-
new URLClassLoader("testClassLoader",
69-
new URL[]{new URL[]{uri.toURL()}},
68+
URLClassLoader urlClassLoader =
69+
new URLClassLoader("testClassLoader",
70+
new URL[]{uri.toURL()}, // $ SSRF
7071
URLClassLoaderSSRF.class.getClassLoader()
71-
); // $ SSRF
72+
);
7273

7374
Class<?> rceTest = urlClassLoader.loadClass("RCETest");
7475
} catch (Exception e) {
@@ -81,14 +82,14 @@ protected void doTrace(HttpServletRequest request, HttpServletResponse response)
8182
try {
8283
String url = request.getParameter("uri");
8384
URI uri = new URI(url);
84-
URLStreamHandlerFactory urlStreamHandlerFactory = TomcatURLStreamHandlerFactory.getInstance();
85+
URLStreamHandlerFactory urlStreamHandlerFactory = null;
8586

8687
URLClassLoader urlClassLoader =
8788
new URLClassLoader("testClassLoader",
88-
new URL[]{uri.toURL()},
89-
URLClassLoaderSSRF.class.getClassLoader(),
89+
new URL[]{uri.toURL()}, // $ SSRF
90+
URLClassLoaderSSRF.class.getClassLoader(),
9091
urlStreamHandlerFactory
91-
); // $ SSRF
92+
);
9293

9394
Class<?> rceTest = urlClassLoader.loadClass("RCETest");
9495
} catch (Exception e) {

0 commit comments

Comments
 (0)