2020-06-30 12:49:37 +02:00
|
|
|
include::../description.adoc[]
|
|
|
|
|
|
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
|
|
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
|
|
|
|
|
|
== Sensitive Code Example
|
|
|
|
|
|
|
|
|
|
----
|
|
|
|
|
// === javax.xml.xpath.XPath ===
|
|
|
|
|
import javax.xml.namespace.QName;
|
|
|
|
|
import javax.xml.xpath.XPath;
|
|
|
|
|
|
|
|
|
|
import org.xml.sax.InputSource;
|
|
|
|
|
|
|
|
|
|
class M {
|
|
|
|
|
void foo(XPath xpath, String expression, InputSource source, QName returnType, Object item) throws Exception {
|
|
|
|
|
xpath.compile(expression); // Sensitive
|
|
|
|
|
xpath.evaluate(expression, source); // Sensitive
|
|
|
|
|
xpath.evaluate(expression, source, returnType); // Sensitive
|
|
|
|
|
xpath.evaluate(expression, item); // Sensitive
|
|
|
|
|
xpath.evaluate(expression, item, returnType); // Sensitive
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
----
|
|
|
|
|
// === Apache XML Security ===
|
|
|
|
|
import org.apache.xml.utils.PrefixResolver;
|
|
|
|
|
import org.apache.xml.security.utils.XPathAPI;
|
|
|
|
|
import org.w3c.dom.Node;
|
|
|
|
|
|
|
|
|
|
class M {
|
|
|
|
|
void foo(XPathAPI api, Node contextNode, String str, Node namespaceNode, PrefixResolver prefixResolver,
|
|
|
|
|
Node xpathnode) throws Exception {
|
|
|
|
|
api.evaluate(contextNode, xpathnode, str, namespaceNode); // Sensitive
|
|
|
|
|
api.selectNodeList(contextNode, xpathnode, str, namespaceNode); // Sensitive
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
----
|
|
|
|
|
// === Apache Xalan ===
|
|
|
|
|
import org.apache.xml.utils.PrefixResolver;
|
|
|
|
|
import org.apache.xpath.XPathAPI;
|
|
|
|
|
import org.w3c.dom.Node;
|
|
|
|
|
|
|
|
|
|
class M {
|
|
|
|
|
void foo(XPathAPI api, Node contextNode, String str, Node namespaceNode, PrefixResolver prefixResolver)
|
|
|
|
|
throws Exception {
|
|
|
|
|
XPathAPI.eval(contextNode, str); // Sensitive
|
|
|
|
|
XPathAPI.eval(contextNode, str, namespaceNode); // Sensitive
|
|
|
|
|
XPathAPI.eval(contextNode, str, prefixResolver); // Sensitive
|
|
|
|
|
XPathAPI.selectNodeIterator(contextNode, str); // Sensitive
|
|
|
|
|
XPathAPI.selectNodeIterator(contextNode, str, namespaceNode); // Sensitive
|
|
|
|
|
XPathAPI.selectNodeList(contextNode, str); // Sensitive
|
|
|
|
|
XPathAPI.selectNodeList(contextNode, str, namespaceNode); // Sensitive
|
|
|
|
|
XPathAPI.selectSingleNode(contextNode, str); // Sensitive
|
|
|
|
|
XPathAPI.selectSingleNode(contextNode, str, namespaceNode); // Sensitive
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
----
|
|
|
|
|
// === org.apache.commons.jxpath ===
|
|
|
|
|
import org.apache.commons.jxpath.JXPathContext;
|
|
|
|
|
|
|
|
|
|
abstract class A extends JXPathContext{
|
|
|
|
|
A(JXPathContext compilationContext, Object contextBean) {
|
|
|
|
|
super(compilationContext, contextBean);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
void foo(JXPathContext context, String str, Object obj, Class<?> requiredType) {
|
|
|
|
|
JXPathContext.compile(str); // Sensitive
|
|
|
|
|
this.compilePath(str); // Sensitive
|
|
|
|
|
context.createPath(str); // Sensitive
|
|
|
|
|
context.createPathAndSetValue(str, obj); // Sensitive
|
|
|
|
|
context.getPointer(str); // Sensitive
|
|
|
|
|
context.getValue(str); // Sensitive
|
|
|
|
|
context.getValue(str, requiredType); // Sensitive
|
|
|
|
|
context.iterate(str); // Sensitive
|
|
|
|
|
context.iteratePointers(str); // Sensitive
|
|
|
|
|
context.removeAll(str); // Sensitive
|
|
|
|
|
context.removePath(str); // Sensitive
|
|
|
|
|
context.selectNodes(str); // Sensitive
|
|
|
|
|
context.selectSingleNode(str); // Sensitive
|
|
|
|
|
context.setValue(str, obj); // Sensitive
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
include::../see.adoc[]
|
2021-06-02 20:44:38 +02:00
|
|
|
|
|
|
|
|
ifdef::rspecator-view[]
|
|
|
|
|
== Comments And Links
|
|
|
|
|
(visible only on this page)
|
|
|
|
|
|
|
|
|
|
include::comments-and-links.adoc[]
|
|
|
|
|
endif::rspecator-view[]
|
