Skip to content

Commit c77875d

Browse files
d10cd10c
committed
Java: convert TemplateInjection test to .qlref
1 parent b8c7bd2 commit c77875d

File tree

10 files changed

+225
-67
lines changed

10 files changed

+225
-67
lines changed

java/ql/test/query-tests/security/CWE-094/FreemarkerSSTI.java renamed to java/ql/test/query-tests/security/CWE-094/TemplateInjection/FreemarkerSSTI.java

Lines changed: 18 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -20,88 +20,88 @@ public class FreemarkerSSTI {
2020
@GetMapping(value = "bad1")
2121
public void bad1(HttpServletRequest request) {
2222
String name = "ttemplate";
23-
String code = request.getParameter("code");
23+
String code = request.getParameter("code"); // $ Source
2424
Reader reader = new StringReader(code);
2525

26-
Template t = new Template(name, reader); // $hasTemplateInjection
26+
Template t = new Template(name, reader); // $ Alert
2727
}
2828

2929
@GetMapping(value = "bad2")
3030
public void bad2(HttpServletRequest request) {
3131
String name = "ttemplate";
32-
String code = request.getParameter("code");
32+
String code = request.getParameter("code"); // $ Source
3333
Reader reader = new StringReader(code);
3434
Configuration cfg = new Configuration();
3535

36-
Template t = new Template(name, reader, cfg); // $hasTemplateInjection
36+
Template t = new Template(name, reader, cfg); // $ Alert
3737
}
3838

3939
@GetMapping(value = "bad3")
4040
public void bad3(HttpServletRequest request) {
4141
String name = "ttemplate";
42-
String code = request.getParameter("code");
42+
String code = request.getParameter("code"); // $ Source
4343
Reader reader = new StringReader(code);
4444
Configuration cfg = new Configuration();
4545

46-
Template t = new Template(name, reader, cfg, "UTF-8"); // $hasTemplateInjection
46+
Template t = new Template(name, reader, cfg, "UTF-8"); // $ Alert
4747
}
4848

4949
@GetMapping(value = "bad4")
5050
public void bad4(HttpServletRequest request) {
5151
String name = "ttemplate";
52-
String sourceCode = request.getParameter("sourceCode");
52+
String sourceCode = request.getParameter("sourceCode"); // $ Source
5353
Configuration cfg = new Configuration();
5454

55-
Template t = new Template(name, sourceCode, cfg); // $hasTemplateInjection
55+
Template t = new Template(name, sourceCode, cfg); // $ Alert
5656
}
5757

5858
@GetMapping(value = "bad5")
5959
public void bad5(HttpServletRequest request) {
6060
String name = "ttemplate";
61-
String code = request.getParameter("code");
61+
String code = request.getParameter("code"); // $ Source
6262
Configuration cfg = new Configuration();
6363
Reader reader = new StringReader(code);
6464

65-
Template t = new Template(name, sourceName, reader, cfg); // $hasTemplateInjection
65+
Template t = new Template(name, sourceName, reader, cfg); // $ Alert
6666
}
6767

6868
@GetMapping(value = "bad6")
6969
public void bad6(HttpServletRequest request) {
7070
String name = "ttemplate";
71-
String code = request.getParameter("code");
71+
String code = request.getParameter("code"); // $ Source
7272
Configuration cfg = new Configuration();
7373
ParserConfiguration customParserConfiguration = new Configuration();
7474
Reader reader = new StringReader(code);
7575

7676
Template t =
77-
new Template(name, sourceName, reader, cfg, customParserConfiguration, "UTF-8"); // $hasTemplateInjection
77+
new Template(name, sourceName, reader, cfg, customParserConfiguration, "UTF-8"); // $ Alert
7878
}
7979

8080
@GetMapping(value = "bad7")
8181
public void bad7(HttpServletRequest request) {
8282
String name = "ttemplate";
83-
String code = request.getParameter("code");
83+
String code = request.getParameter("code"); // $ Source
8484
Configuration cfg = new Configuration();
8585
ParserConfiguration customParserConfiguration = new Configuration();
8686
Reader reader = new StringReader(code);
8787

88-
Template t = new Template(name, sourceName, reader, cfg, "UTF-8"); // $hasTemplateInjection
88+
Template t = new Template(name, sourceName, reader, cfg, "UTF-8"); // $ Alert
8989
}
9090

9191
@GetMapping(value = "bad8")
9292
public void bad8(HttpServletRequest request) {
93-
String code = request.getParameter("code");
93+
String code = request.getParameter("code"); // $ Source
9494
StringTemplateLoader stringLoader = new StringTemplateLoader();
9595

96-
stringLoader.putTemplate("myTemplate", code); // $hasTemplateInjection
96+
stringLoader.putTemplate("myTemplate", code); // $ Alert
9797
}
9898

9999
@GetMapping(value = "bad9")
100100
public void bad9(HttpServletRequest request) {
101-
String code = request.getParameter("code");
101+
String code = request.getParameter("code"); // $ Source
102102
StringTemplateLoader stringLoader = new StringTemplateLoader();
103103

104-
stringLoader.putTemplate("myTemplate", code, 0); // $hasTemplateInjection
104+
stringLoader.putTemplate("myTemplate", code, 0); // $ Alert
105105
}
106106

107107
@GetMapping(value = "good1")

java/ql/test/query-tests/security/CWE-094/JinJavaSSTI.java renamed to java/ql/test/query-tests/security/CWE-094/TemplateInjection/JinJavaSSTI.java

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -18,27 +18,27 @@ public class JinJavaSSTI {
1818

1919
@GetMapping(value = "bad1")
2020
public void bad1(HttpServletRequest request) {
21-
String template = request.getParameter("template");
21+
String template = request.getParameter("template"); // $ Source
2222
Jinjava jinjava = new Jinjava();
2323
Map<String, Object> context = new HashMap<>();
24-
String renderedTemplate = jinjava.render(template, context); // $hasTemplateInjection
24+
String renderedTemplate = jinjava.render(template, context); // $ Alert
2525
}
2626

2727
@GetMapping(value = "bad2")
2828
public void bad2(HttpServletRequest request) {
29-
String template = request.getParameter("template");
29+
String template = request.getParameter("template"); // $ Source
3030
Jinjava jinjava = new Jinjava();
3131
Map<String, Object> bindings = new HashMap<>();
32-
RenderResult renderResult = jinjava.renderForResult(template, bindings); // $hasTemplateInjection
32+
RenderResult renderResult = jinjava.renderForResult(template, bindings); // $ Alert
3333
}
3434

3535
@GetMapping(value = "bad3")
3636
public void bad3(HttpServletRequest request) {
37-
String template = request.getParameter("template");
37+
String template = request.getParameter("template"); // $ Source
3838
Jinjava jinjava = new Jinjava();
3939
Map<String, Object> bindings = new HashMap<>();
4040
JinjavaConfig renderConfig = new JinjavaConfig();
4141

42-
RenderResult renderResult = jinjava.renderForResult(template, bindings, renderConfig); // $hasTemplateInjection
42+
RenderResult renderResult = jinjava.renderForResult(template, bindings, renderConfig); // $ Alert
4343
}
4444
}

java/ql/test/query-tests/security/CWE-094/PebbleSSTI.java renamed to java/ql/test/query-tests/security/CWE-094/TemplateInjection/PebbleSSTI.java

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -15,15 +15,15 @@ public class PebbleSSTI {
1515

1616
@GetMapping(value = "bad1")
1717
public void bad1(HttpServletRequest request) {
18-
String templateName = request.getParameter("templateName");
18+
String templateName = request.getParameter("templateName"); // $ Source
1919
PebbleEngine engine = new PebbleEngine.Builder().build();
20-
PebbleTemplate compiledTemplate = engine.getTemplate(templateName); // $hasTemplateInjection
20+
PebbleTemplate compiledTemplate = engine.getTemplate(templateName); // $ Alert
2121
}
2222

2323
@GetMapping(value = "bad2")
2424
public void bad2(HttpServletRequest request) {
25-
String templateName = request.getParameter("templateName");
25+
String templateName = request.getParameter("templateName"); // $ Source
2626
PebbleEngine engine = new PebbleEngine.Builder().build();
27-
PebbleTemplate compiledTemplate = engine.getLiteralTemplate(templateName); // $hasTemplateInjection
27+
PebbleTemplate compiledTemplate = engine.getLiteralTemplate(templateName); // $ Alert
2828
}
2929
}

0 commit comments

Comments
 (0)