
Commit 37589dd

committed
Improve how org.apache.http.client.HttpClient is created in test
1 parent a159dc1 commit 37589dd

4 files changed

Lines changed: 46 additions & 28 deletions


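--- a/java/ql/test/query-tests/security/CWE-918/ApacheHttpClientExecuteSSRF.java
+++ b/java/ql/test/query-tests/security/CWE-918/ApacheHttpClientExecuteSSRF.java
@@ -5,6 +5,7 @@
 import org.apache.http.client.HttpClient;
 import org.apache.http.client.ResponseHandler;
 import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.http.impl.client.HttpClients;
 import org.apache.http.message.BasicHttpRequest;
 import org.apache.http.protocol.HttpContext;
 import javax.servlet.ServletException;
@@ -24,7 +25,7 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
 HttpRequest req = new BasicHttpRequest("GET", "/");
 HttpUriRequest uriReq = (HttpUriRequest) (Object) source;
 HttpContext context = null;
-HttpClient client = null;
+HttpClient client = HttpClients.createDefault();
 ResponseHandler<Object> handler = null;
 
 client.execute(host, req); // $ Alert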
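Review bot: The `client` assigned on the added line is never closed; in the real library `HttpClients.createDefault()` returns a `CloseableHttpClient` (the stub added in this commit presumably mirrors that), so if the goal is to model realistic usage rather than merely give `execute(...)` a non-null receiver, `try (CloseableHttpClient client = HttpClients.createDefault()) { ... }` would be the idiomatic shape, at the cost of shifting the line numbers in RequestForgery.expected once more. Either way the motivation for replacing `null` with a constructed client is not recorded anywhere in the test; a one-line comment on the assignment stating the actual reason (e.g. `// Use a real client instance rather than null so the execute(...) calls below are realistic`, adjusted to whatever the true intent is) would spare the next maintainer from reverting it. Note that `HttpContext context` and `ResponseHandler<Object> handler` on the neighbouring lines are still `null`, so the test is now half-realistic; worth stating whether that asymmetry is deliberate. The enclosing doGet method starts before this hunk.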

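--- a/java/ql/test/query-tests/security/CWE-918/RequestForgery.expected
+++ b/java/ql/test/query-tests/security/CWE-918/RequestForgery.expected
@@ -1,12 +1,12 @@
 #select
-| ApacheHttpClientExecuteSSRF.java:30:28:30:31 | host | ApacheHttpClientExecuteSSRF.java:21:29:21:56 | getParameter(...) : String | ApacheHttpClientExecuteSSRF.java:30:28:30:31 | host | Potential server-side request forgery due to a $@. | ApacheHttpClientExecuteSSRF.java:21:29:21:56 | getParameter(...) | user-provided value |
-| ApacheHttpClientExecuteSSRF.java:31:28:31:31 | host | ApacheHttpClientExecuteSSRF.java:21:29:21:56 | getParameter(...) : String | ApacheHttpClientExecuteSSRF.java:31:28:31:31 | host | Potential server-side request forgery due to a $@. | ApacheHttpClientExecuteSSRF.java:21:29:21:56 | getParameter(...) | user-provided value |
-| ApacheHttpClientExecuteSSRF.java:32:28:32:31 | host | ApacheHttpClientExecuteSSRF.java:21:29:21:56 | getParameter(...) : String | ApacheHttpClientExecuteSSRF.java:32:28:32:31 | host | Potential server-side request forgery due to a $@. | ApacheHttpClientExecuteSSRF.java:21:29:21:56 | getParameter(...) | user-provided value |
-| ApacheHttpClientExecuteSSRF.java:33:28:33:31 | host | ApacheHttpClientExecuteSSRF.java:21:29:21:56 | getParameter(...) : String | ApacheHttpClientExecuteSSRF.java:33:28:33:31 | host | Potential server-side request forgery due to a $@. | ApacheHttpClientExecuteSSRF.java:21:29:21:56 | getParameter(...) | user-provided value |
-| ApacheHttpClientExecuteSSRF.java:34:28:34:33 | uriReq | ApacheHttpClientExecuteSSRF.java:21:29:21:56 | getParameter(...) : String | ApacheHttpClientExecuteSSRF.java:34:28:34:33 | uriReq | Potential server-side request forgery due to a $@. | ApacheHttpClientExecuteSSRF.java:21:29:21:56 | getParameter(...) | user-provided value |
-| ApacheHttpClientExecuteSSRF.java:35:28:35:33 | uriReq | ApacheHttpClientExecuteSSRF.java:21:29:21:56 | getParameter(...) : String | ApacheHttpClientExecuteSSRF.java:35:28:35:33 | uriReq | Potential server-side request forgery due to a $@. | ApacheHttpClientExecuteSSRF.java:21:29:21:56 | getParameter(...) | user-provided value |
-| ApacheHttpClientExecuteSSRF.java:36:28:36:33 | uriReq | ApacheHttpClientExecuteSSRF.java:21:29:21:56 | getParameter(...) : String | ApacheHttpClientExecuteSSRF.java:36:28:36:33 | uriReq | Potential server-side request forgery due to a $@. | ApacheHttpClientExecuteSSRF.java:21:29:21:56 | getParameter(...) | user-provided value |
-| ApacheHttpClientExecuteSSRF.java:37:28:37:33 | uriReq | ApacheHttpClientExecuteSSRF.java:21:29:21:56 | getParameter(...) : String | ApacheHttpClientExecuteSSRF.java:37:28:37:33 | uriReq | Potential server-side request forgery due to a $@. | ApacheHttpClientExecuteSSRF.java:21:29:21:56 | getParameter(...) | user-provided value |
+| ApacheHttpClientExecuteSSRF.java:31:28:31:31 | host | ApacheHttpClientExecuteSSRF.java:22:29:22:56 | getParameter(...) : String | ApacheHttpClientExecuteSSRF.java:31:28:31:31 | host | Potential server-side request forgery due to a $@. | ApacheHttpClientExecuteSSRF.java:22:29:22:56 | getParameter(...) | user-provided value |
+| ApacheHttpClientExecuteSSRF.java:32:28:32:31 | host | ApacheHttpClientExecuteSSRF.java:22:29:22:56 | getParameter(...) : String | ApacheHttpClientExecuteSSRF.java:32:28:32:31 | host | Potential server-side request forgery due to a $@. | ApacheHttpClientExecuteSSRF.java:22:29:22:56 | getParameter(...) | user-provided value |
+| ApacheHttpClientExecuteSSRF.java:33:28:33:31 | host | ApacheHttpClientExecuteSSRF.java:22:29:22:56 | getParameter(...) : String | ApacheHttpClientExecuteSSRF.java:33:28:33:31 | host | Potential server-side request forgery due to a $@. | ApacheHttpClientExecuteSSRF.java:22:29:22:56 | getParameter(...) | user-provided value |
+| ApacheHttpClientExecuteSSRF.java:34:28:34:31 | host | ApacheHttpClientExecuteSSRF.java:22:29:22:56 | getParameter(...) : String | ApacheHttpClientExecuteSSRF.java:34:28:34:31 | host | Potential server-side request forgery due to a $@. | ApacheHttpClientExecuteSSRF.java:22:29:22:56 | getParameter(...) | user-provided value |
+| ApacheHttpClientExecuteSSRF.java:35:28:35:33 | uriReq | ApacheHttpClientExecuteSSRF.java:22:29:22:56 | getParameter(...) : String | ApacheHttpClientExecuteSSRF.java:35:28:35:33 | uriReq | Potential server-side request forgery due to a $@. | ApacheHttpClientExecuteSSRF.java:22:29:22:56 | getParameter(...) | user-provided value |
+| ApacheHttpClientExecuteSSRF.java:36:28:36:33 | uriReq | ApacheHttpClientExecuteSSRF.java:22:29:22:56 | getParameter(...) : String | ApacheHttpClientExecuteSSRF.java:36:28:36:33 | uriReq | Potential server-side request forgery due to a $@. | ApacheHttpClientExecuteSSRF.java:22:29:22:56 | getParameter(...) | user-provided value |
+| ApacheHttpClientExecuteSSRF.java:37:28:37:33 | uriReq | ApacheHttpClientExecuteSSRF.java:22:29:22:56 | getParameter(...) : String | ApacheHttpClientExecuteSSRF.java:37:28:37:33 | uriReq | Potential server-side request forgery due to a $@. | ApacheHttpClientExecuteSSRF.java:22:29:22:56 | getParameter(...) | user-provided value |
+| ApacheHttpClientExecuteSSRF.java:38:28:38:33 | uriReq | ApacheHttpClientExecuteSSRF.java:22:29:22:56 | getParameter(...) : String | ApacheHttpClientExecuteSSRF.java:38:28:38:33 | uriReq | Potential server-side request forgery due to a $@. | ApacheHttpClientExecuteSSRF.java:22:29:22:56 | getParameter(...) | user-provided value |
 | ApacheHttpSSRF.java:30:43:30:45 | uri | ApacheHttpSSRF.java:27:27:27:53 | getParameter(...) : String | ApacheHttpSSRF.java:30:43:30:45 | uri | Potential server-side request forgery due to a $@. | ApacheHttpSSRF.java:27:27:27:53 | getParameter(...) | user-provided value |
 | ApacheHttpSSRF.java:32:29:32:31 | uri | ApacheHttpSSRF.java:27:27:27:53 | getParameter(...) : String | ApacheHttpSSRF.java:32:29:32:31 | uri | Potential server-side request forgery due to a $@. | ApacheHttpSSRF.java:27:27:27:53 | getParameter(...) | user-provided value |
 | ApacheHttpSSRF.java:34:26:34:28 | uri | ApacheHttpSSRF.java:27:27:27:53 | getParameter(...) : String | ApacheHttpSSRF.java:34:26:34:28 | uri | Potential server-side request forgery due to a $@. | ApacheHttpSSRF.java:27:27:27:53 | getParameter(...) | user-provided value |
@@ -385,18 +385,18 @@
 | mad/Test.java:107:15:107:31 | (...)... | mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:107:15:107:31 | (...)... | Potential server-side request forgery due to a $@. | mad/Test.java:26:16:26:41 | getParameter(...) | user-provided value |
 | mad/Test.java:112:15:112:31 | (...)... | mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:112:15:112:31 | (...)... | Potential server-side request forgery due to a $@. | mad/Test.java:26:16:26:41 | getParameter(...) | user-provided value |
 edges
-| ApacheHttpClientExecuteSSRF.java:21:29:21:56 | getParameter(...) : String | ApacheHttpClientExecuteSSRF.java:23:42:23:47 | source : String | provenance | Src:MaD:285 |
-| ApacheHttpClientExecuteSSRF.java:21:29:21:56 | getParameter(...) : String | ApacheHttpClientExecuteSSRF.java:25:54:25:68 | (...)... : String | provenance | Src:MaD:285 |
-| ApacheHttpClientExecuteSSRF.java:23:29:23:48 | new HttpHost(...) : HttpHost | ApacheHttpClientExecuteSSRF.java:30:28:30:31 | host | provenance | Sink:MaD:228 |
-| ApacheHttpClientExecuteSSRF.java:23:29:23:48 | new HttpHost(...) : HttpHost | ApacheHttpClientExecuteSSRF.java:31:28:31:31 | host | provenance | Sink:MaD:229 |
-| ApacheHttpClientExecuteSSRF.java:23:29:23:48 | new HttpHost(...) : HttpHost | ApacheHttpClientExecuteSSRF.java:32:28:32:31 | host | provenance | Sink:MaD:230 |
-| ApacheHttpClientExecuteSSRF.java:23:29:23:48 | new HttpHost(...) : HttpHost | ApacheHttpClientExecuteSSRF.java:33:28:33:31 | host | provenance | Sink:MaD:231 |
-| ApacheHttpClientExecuteSSRF.java:23:42:23:47 | source : String | ApacheHttpClientExecuteSSRF.java:23:29:23:48 | new HttpHost(...) : HttpHost | provenance | MaD:305 |
-| ApacheHttpClientExecuteSSRF.java:25:37:25:68 | (...)... : String | ApacheHttpClientExecuteSSRF.java:34:28:34:33 | uriReq | provenance | Sink:MaD:232 |
-| ApacheHttpClientExecuteSSRF.java:25:37:25:68 | (...)... : String | ApacheHttpClientExecuteSSRF.java:35:28:35:33 | uriReq | provenance | Sink:MaD:233 |
-| ApacheHttpClientExecuteSSRF.java:25:37:25:68 | (...)... : String | ApacheHttpClientExecuteSSRF.java:36:28:36:33 | uriReq | provenance | Sink:MaD:234 |
-| ApacheHttpClientExecuteSSRF.java:25:37:25:68 | (...)... : String | ApacheHttpClientExecuteSSRF.java:37:28:37:33 | uriReq | provenance | Sink:MaD:235 |
-| ApacheHttpClientExecuteSSRF.java:25:54:25:68 | (...)... : String | ApacheHttpClientExecuteSSRF.java:25:37:25:68 | (...)... : String | provenance | |
+| ApacheHttpClientExecuteSSRF.java:22:29:22:56 | getParameter(...) : String | ApacheHttpClientExecuteSSRF.java:24:42:24:47 | source : String | provenance | Src:MaD:285 |
+| ApacheHttpClientExecuteSSRF.java:22:29:22:56 | getParameter(...) : String | ApacheHttpClientExecuteSSRF.java:26:54:26:68 | (...)... : String | provenance | Src:MaD:285 |
+| ApacheHttpClientExecuteSSRF.java:24:29:24:48 | new HttpHost(...) : HttpHost | ApacheHttpClientExecuteSSRF.java:31:28:31:31 | host | provenance | Sink:MaD:228 |
+| ApacheHttpClientExecuteSSRF.java:24:29:24:48 | new HttpHost(...) : HttpHost | ApacheHttpClientExecuteSSRF.java:32:28:32:31 | host | provenance | Sink:MaD:229 |
+| ApacheHttpClientExecuteSSRF.java:24:29:24:48 | new HttpHost(...) : HttpHost | ApacheHttpClientExecuteSSRF.java:33:28:33:31 | host | provenance | Sink:MaD:230 |
+| ApacheHttpClientExecuteSSRF.java:24:29:24:48 | new HttpHost(...) : HttpHost | ApacheHttpClientExecuteSSRF.java:34:28:34:31 | host | provenance | Sink:MaD:231 |
+| ApacheHttpClientExecuteSSRF.java:24:42:24:47 | source : String | ApacheHttpClientExecuteSSRF.java:24:29:24:48 | new HttpHost(...) : HttpHost | provenance | MaD:305 |
+| ApacheHttpClientExecuteSSRF.java:26:37:26:68 | (...)... : String | ApacheHttpClientExecuteSSRF.java:35:28:35:33 | uriReq | provenance | Sink:MaD:232 |
+| ApacheHttpClientExecuteSSRF.java:26:37:26:68 | (...)... : String | ApacheHttpClientExecuteSSRF.java:36:28:36:33 | uriReq | provenance | Sink:MaD:233 |
+| ApacheHttpClientExecuteSSRF.java:26:37:26:68 | (...)... : String | ApacheHttpClientExecuteSSRF.java:37:28:37:33 | uriReq | provenance | Sink:MaD:234 |
+| ApacheHttpClientExecuteSSRF.java:26:37:26:68 | (...)... : String | ApacheHttpClientExecuteSSRF.java:38:28:38:33 | uriReq | provenance | Sink:MaD:235 |
+| ApacheHttpClientExecuteSSRF.java:26:54:26:68 | (...)... : String | ApacheHttpClientExecuteSSRF.java:26:37:26:68 | (...)... : String | provenance | |
 | ApacheHttpSSRF.java:27:27:27:53 | getParameter(...) : String | ApacheHttpSSRF.java:28:31:28:34 | sink : String | provenance | Src:MaD:285 |
 | ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:30:43:30:45 | uri | provenance | Sink:MaD:211 |
 | ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:32:29:32:31 | uri | provenance | Sink:MaD:217 |
@@ -1405,19 +1405,19 @@ models
 | 304 | Summary: org.apache.http.message; BasicRequestLine; false; BasicRequestLine; ; ; Argument[1]; Argument[this]; taint; manual |
 | 305 | Summary: org.apache.http; HttpHost; true; HttpHost; (String); ; Argument[0]; Argument[this]; taint; hq-manual |
 nodes
-| ApacheHttpClientExecuteSSRF.java:21:29:21:56 | getParameter(...) : String | semmle.label | getParameter(...) : String |
-| ApacheHttpClientExecuteSSRF.java:23:29:23:48 | new HttpHost(...) : HttpHost | semmle.label | new HttpHost(...) : HttpHost |
-| ApacheHttpClientExecuteSSRF.java:23:42:23:47 | source : String | semmle.label | source : String |
-| ApacheHttpClientExecuteSSRF.java:25:37:25:68 | (...)... : String | semmle.label | (...)... : String |
-| ApacheHttpClientExecuteSSRF.java:25:54:25:68 | (...)... : String | semmle.label | (...)... : String |
-| ApacheHttpClientExecuteSSRF.java:30:28:30:31 | host | semmle.label | host |
+| ApacheHttpClientExecuteSSRF.java:22:29:22:56 | getParameter(...) : String | semmle.label | getParameter(...) : String |
+| ApacheHttpClientExecuteSSRF.java:24:29:24:48 | new HttpHost(...) : HttpHost | semmle.label | new HttpHost(...) : HttpHost |
+| ApacheHttpClientExecuteSSRF.java:24:42:24:47 | source : String | semmle.label | source : String |
+| ApacheHttpClientExecuteSSRF.java:26:37:26:68 | (...)... : String | semmle.label | (...)... : String |
+| ApacheHttpClientExecuteSSRF.java:26:54:26:68 | (...)... : String | semmle.label | (...)... : String |
 | ApacheHttpClientExecuteSSRF.java:31:28:31:31 | host | semmle.label | host |
 | ApacheHttpClientExecuteSSRF.java:32:28:32:31 | host | semmle.label | host |
 | ApacheHttpClientExecuteSSRF.java:33:28:33:31 | host | semmle.label | host |
-| ApacheHttpClientExecuteSSRF.java:34:28:34:33 | uriReq | semmle.label | uriReq |
+| ApacheHttpClientExecuteSSRF.java:34:28:34:31 | host | semmle.label | host |
 | ApacheHttpClientExecuteSSRF.java:35:28:35:33 | uriReq | semmle.label | uriReq |
 | ApacheHttpClientExecuteSSRF.java:36:28:36:33 | uriReq | semmle.label | uriReq |
 | ApacheHttpClientExecuteSSRF.java:37:28:37:33 | uriReq | semmle.label | uriReq |
+| ApacheHttpClientExecuteSSRF.java:38:28:38:33 | uriReq | semmle.label | uriReq |
 | ApacheHttpSSRF.java:27:27:27:53 | getParameter(...) : String | semmle.label | getParameter(...) : String |
 | ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | semmle.label | new URI(...) : URI |
 | ApacheHttpSSRF.java:28:31:28:34 | sink : String | semmle.label | sink : String |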

java/ql/test/stubs/apache-http-client-4.4.13/org/apache/http/impl/client/CloseableHttpClient.java

Lines changed: 7 additions & 0 deletions

java/ql/test/stubs/apache-http-client-4.4.13/org/apache/http/impl/client/HttpClients.java

Lines changed: 10 additions & 0 deletions
