Skip to content

Java : Add SSTI query #5935

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
smowton merged 6 commits into from Feb 23, 2022
Merged

Java : Add SSTI query #5935

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
e536628
Java : Add SSTI query
May 20, 2021
c81d85f
Include suggestions from review
Feb 22, 2022
476997a
Replace more non-breaking spaces
smowton Feb 23, 2022
50d9945
Autoformat
smowton Feb 23, 2022
a8fe10f
Java template injection query: import pathgraph
smowton Feb 23, 2022
7b425a8
Note path query expectations
smowton Feb 23, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Include suggestions from review
  • Loading branch information
Porcupiney Hairs committed Feb 22, 2022
commit c81d85f32185e91adabcbe3729bc01d077c360e4
4 changes: 2 additions & 2 deletions java/ql/src/experimental/Security/CWE/CWE-094/TemplateInjection.qhelp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,14 +16,14 @@
<code>code</code>
is used as a Velocity template string. This can lead to remote code execution.
</p>
<sample src="SSTIBad.py" />
<sample src="SSTIBad.java" />

<p>
In the next example the problem is avoided by using a fixed template string
<code>s</code>
. Since, the template is not attacker controlled in this case, we prevent untrusted code execution.
</p>
<sample src="SSTIGood.py" />
<sample src="SSTIGood.java" />
</example>
<references>
<li>Portswigger : [Server Side Template Injection](https://portswigger.net/web-security/server-side-template-injection)</li>
Expand Down
2 changes: 1 addition & 1 deletion java/ql/test/experimental/query-tests/security/CWE-094/JinJavaSSTI.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ public void bad1(HttpServletRequest request) {
String template = request.getParameter("template");
Jinjava jinjava = new Jinjava();
Map<String, Object> context = new HashMap<>();
// String render(String template, Map<String,​?> bindings)
// String render(String template, Map<String,​?> bindings)
String renderedTemplate = jinjava.render(template, context);
}

Expand Down