Commit f65a5b9

Jami Cogswell authored and committed
Java: add test for qhelp good example
1 parent 9e51b01 commit f65a5b9

3 files changed: +15 -0 lines changed

java/ql/test/query-tests/security/CWE-016/SpringBootActuatorsTest.java

Lines changed: 7 additions & 0 deletions
@@ -271,4 +271,11 @@ public void securityFilterChain(HttpSecurity http) throws Exception {
271271
http.securityMatcher(EndpointRequest.toAnyEndpoint());
272272
http.authorizeHttpRequests((requests) -> requests.anyRequest().permitAll()); // $ hasExposedSpringBootActuator
273273
}
274+
275+
// QHelp Good example
276+
protected void configureQhelpGood(HttpSecurity http) throws Exception {
277+
// GOOD: only users with ENDPOINT_ADMIN role are allowed to access the actuator endpoints
278+
http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests((requests) ->
279+
requests.anyRequest().hasRole("ENDPOINT_ADMIN"));
280+
}
274281
}
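
Review bot: the negative case in `configureQhelpGood` (new lines 276-280) only covers the `requestMatcher(...)` / `authorizeRequests(...)` chain, while the positive case directly above it uses `securityMatcher(...)` with `authorizeHttpRequests(...)`. The test therefore does not show that a role restriction also suppresses `hasExposedSpringBootActuator` on that second API shape. Consider adding a sibling good case that mirrors the method above, for example `http.securityMatcher(EndpointRequest.toAnyEndpoint());` followed by `http.authorizeHttpRequests((requests) -> requests.anyRequest().hasRole("ENDPOINT_ADMIN"));`, with no expectation comment, so that both forms are checked for the absence of an alert. Minor style point: the new method is `protected` while `securityFilterChain` in the hunk header is `public`; if that difference is not intentional, matching the neighbouring declarations would keep the file consistent.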

java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java

Lines changed: 4 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

java/ql/test/stubs/springframework-5.3.8/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java

Lines changed: 4 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
