Use InlineExpectationsTest

Author: atorralba

java/ql/test/query-tests/security/CWE-094/FreemarkerSSTI.java

@@ -23,8 +23,7 @@ public void bad1(HttpServletRequest request) {
 		String code = request.getParameter("code");
 		Reader reader = new StringReader(code);
 
-		// Template(java.lang.String name, java.io.Reader reader)
-		Template t = new Template(name, reader);
+		Template t = new Template(name, reader); // $hasTemplateInjection
 	}
 
 	@GetMapping(value = "bad2")
@@ -33,9 +32,8 @@ public void bad2(HttpServletRequest request) {
 		String code = request.getParameter("code");
 		Reader reader = new StringReader(code);
 		Configuration cfg = new Configuration();
-		
-		// Template(java.lang.String name, java.io.Reader reader, Configuration cfg)
-		Template t = new Template(name, reader, cfg);
+
+		Template t = new Template(name, reader, cfg); // $hasTemplateInjection
 	}
 
 	@GetMapping(value = "bad3")
@@ -45,9 +43,7 @@ public void bad3(HttpServletRequest request) {
 		Reader reader = new StringReader(code);
 		Configuration cfg = new Configuration();
 
-		// Template(java.lang.String name, java.io.Reader reader, Configuration cfg,
-		// java.lang.String encoding)
-		Template t = new Template(name, reader, cfg, "UTF-8");
+		Template t = new Template(name, reader, cfg, "UTF-8"); // $hasTemplateInjection
 	}
 
 	@GetMapping(value = "bad4")
@@ -56,9 +52,7 @@ public void bad4(HttpServletRequest request) {
 		String sourceCode = request.getParameter("sourceCode");
 		Configuration cfg = new Configuration();
 
-		// Template(java.lang.String name, java.lang.String sourceCode, Configuration
-		// cfg)
-		Template t = new Template(name, sourceCode, cfg);
+		Template t = new Template(name, sourceCode, cfg); // $hasTemplateInjection
 	}
 
 	@GetMapping(value = "bad5")
@@ -68,9 +62,7 @@ public void bad5(HttpServletRequest request) {
 		Configuration cfg = new Configuration();
 		Reader reader = new StringReader(code);
 
-		// Template(java.lang.String name, java.lang.String sourceName, java.io.Reader
-		// reader, Configuration cfg)
-		Template t = new Template(name, sourceName, reader, cfg);
+		Template t = new Template(name, sourceName, reader, cfg); // $hasTemplateInjection
 	}
 
 	@GetMapping(value = "bad6")
@@ -81,10 +73,8 @@ public void bad6(HttpServletRequest request) {
 		ParserConfiguration customParserConfiguration = new Configuration();
 		Reader reader = new StringReader(code);
 
-		// Template(java.lang.String name, java.lang.String sourceName, java.io.Reader
-		// reader, Configuration cfg, ParserConfiguration customParserConfiguration,
-		// java.lang.String encoding)
-		Template t = new Template(name, sourceName, reader, cfg, customParserConfiguration, "UTF-8");
+		Template t =
+				new Template(name, sourceName, reader, cfg, customParserConfiguration, "UTF-8"); // $hasTemplateInjection
 	}
 
 	@GetMapping(value = "bad7")
@@ -95,38 +85,33 @@ public void bad7(HttpServletRequest request) {
 		ParserConfiguration customParserConfiguration = new Configuration();
 		Reader reader = new StringReader(code);
 
-		// Template(java.lang.String name, java.lang.String sourceName, java.io.Reader
-		// reader, Configuration cfg, java.lang.String encoding)
-		Template t = new Template(name, sourceName, reader, cfg, "UTF-8");
+		Template t = new Template(name, sourceName, reader, cfg, "UTF-8"); // $hasTemplateInjection
 	}
 
 	@GetMapping(value = "bad8")
 	public void bad8(HttpServletRequest request) {
 		String code = request.getParameter("code");
 		StringTemplateLoader stringLoader = new StringTemplateLoader();
 
-		// void putTemplate(java.lang.String name, java.lang.String templateContent)
-		stringLoader.putTemplate("myTemplate", code);
+		stringLoader.putTemplate("myTemplate", code); // $hasTemplateInjection
 	}
 
 	@GetMapping(value = "bad9")
 	public void bad9(HttpServletRequest request) {
 		String code = request.getParameter("code");
 		StringTemplateLoader stringLoader = new StringTemplateLoader();
-		
-		// void putTemplate(java.lang.String name, java.lang.String templateContent,
-		// long lastModified)
-		stringLoader.putTemplate("myTemplate", code, 0);
+
+		stringLoader.putTemplate("myTemplate", code, 0); // $hasTemplateInjection
 	}
 
 	@GetMapping(value = "bad10")
 	public void bad10(HttpServletRequest request) {
-		HashMap<Object,Object> root = new HashMap();
+		HashMap<Object, Object> root = new HashMap();
 		String code = request.getParameter("code");
-        root.put("code", code);
+		root.put("code", code);
 		Configuration cfg = new Configuration();
-        Template temp = cfg.getTemplate("test.ftlh");        
-        OutputStreamWriter out = new OutputStreamWriter(System.out);
-        temp.process(root, out);
+		Template temp = cfg.getTemplate("test.ftlh");
+		OutputStreamWriter out = new OutputStreamWriter(System.out);
+		temp.process(root, out); // $hasTemplateInjection
 	}
 }

java/ql/test/query-tests/security/CWE-094/JinJavaSSTI.java

@@ -21,17 +21,15 @@ public void bad1(HttpServletRequest request) {
 		String template = request.getParameter("template");
 		Jinjava jinjava = new Jinjava();
 		Map<String, Object> context = new HashMap<>();
-		// String render(String template, Map<String, ?> bindings)
-		String renderedTemplate = jinjava.render(template, context);
+		String renderedTemplate = jinjava.render(template, context); // $hasTemplateInjection
 	}
 
 	@GetMapping(value = "bad2")
 	public void bad2(HttpServletRequest request) {
 		String template = request.getParameter("template");
 		Jinjava jinjava = new Jinjava();
 		Map<String, Object> bindings = new HashMap<>();
-		// RenderResult renderForResult (String template, Map<String, ?> bindings)
-		RenderResult renderResult = jinjava.renderForResult(template, bindings);
+		RenderResult renderResult = jinjava.renderForResult(template, bindings); // $hasTemplateInjection
 	}
 
 	@GetMapping(value = "bad3")
@@ -41,8 +39,6 @@ public void bad3(HttpServletRequest request) {
 		Map<String, Object> bindings = new HashMap<>();
 		JinjavaConfig renderConfig = new JinjavaConfig();
 
-		// RenderResult renderForResult (String template, Map<String, ?> bindings,
-		// JinjavaConfig renderConfig)
-		RenderResult renderResult = jinjava.renderForResult(template, bindings, renderConfig);
+		RenderResult renderResult = jinjava.renderForResult(template, bindings, renderConfig); // $hasTemplateInjection
 	}
 }

java/ql/test/query-tests/security/CWE-094/PebbleSSTI.java

@@ -17,14 +17,15 @@ public class PebbleSSTI {
 	public void bad1(HttpServletRequest request) {
 		String code = request.getParameter("code");
 		PebbleEngine engine = new PebbleEngine.Builder().build();
-		// public PebbleTemplate getTemplate(String templateName) 
-		PebbleTemplate compiledTemplate = engine.getTemplate(code);
+		// public PebbleTemplate getTemplate(String templateName)
+		PebbleTemplate compiledTemplate = engine.getTemplate(code); // $hasTemplateInjection
 	}
+
 	@GetMapping(value = "bad2")
 	public void bad2(HttpServletRequest request) {
 		String code = request.getParameter("code");
 		PebbleEngine engine = new PebbleEngine.Builder().build();
-		// public PebbleTemplate getLiteralTemplate(String templateName) 
-		PebbleTemplate compiledTemplate = engine.getLiteralTemplate(code);
+		// public PebbleTemplate getLiteralTemplate(String templateName)
+		PebbleTemplate compiledTemplate = engine.getLiteralTemplate(code); // $hasTemplateInjection
 	}
 }