ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S4817/java/rule.adoc
Fred Tingaud 16f6c0aecf
Inline adoc when include has no additional value (#1940) 
Inline adoc files when they are included exactly once.

Also fix language tags because this inlining gives us better information
on what language the code is written in.
2023-05-25 14:18:12 +02:00

120 lines
4.0 KiB
Plaintext
Raw Blame History

include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
----
// === javax.xml.xpath.XPath ===
import javax.xml.namespace.QName;
import javax.xml.xpath.XPath;
import org.xml.sax.InputSource;
class M {
void foo(XPath xpath, String expression, InputSource source, QName returnType, Object item) throws Exception {
xpath.compile(expression); // Sensitive
xpath.evaluate(expression, source); // Sensitive
xpath.evaluate(expression, source, returnType); // Sensitive
xpath.evaluate(expression, item); // Sensitive
xpath.evaluate(expression, item, returnType); // Sensitive
}
}
----
----
// === Apache XML Security ===
import org.apache.xml.utils.PrefixResolver;
import org.apache.xml.security.utils.XPathAPI;
import org.w3c.dom.Node;
class M {
void foo(XPathAPI api, Node contextNode, String str, Node namespaceNode, PrefixResolver prefixResolver,
Node xpathnode) throws Exception {
api.evaluate(contextNode, xpathnode, str, namespaceNode); // Sensitive
api.selectNodeList(contextNode, xpathnode, str, namespaceNode); // Sensitive
}
}
----
----
// === Apache Xalan ===
import org.apache.xml.utils.PrefixResolver;
import org.apache.xpath.XPathAPI;
import org.w3c.dom.Node;
class M {
void foo(XPathAPI api, Node contextNode, String str, Node namespaceNode, PrefixResolver prefixResolver)
throws Exception {
XPathAPI.eval(contextNode, str); // Sensitive
XPathAPI.eval(contextNode, str, namespaceNode); // Sensitive
XPathAPI.eval(contextNode, str, prefixResolver); // Sensitive
XPathAPI.selectNodeIterator(contextNode, str); // Sensitive
XPathAPI.selectNodeIterator(contextNode, str, namespaceNode); // Sensitive
XPathAPI.selectNodeList(contextNode, str); // Sensitive
XPathAPI.selectNodeList(contextNode, str, namespaceNode); // Sensitive
XPathAPI.selectSingleNode(contextNode, str); // Sensitive
XPathAPI.selectSingleNode(contextNode, str, namespaceNode); // Sensitive
}
}
----
----
// === org.apache.commons.jxpath ===
import org.apache.commons.jxpath.JXPathContext;
abstract class A extends JXPathContext{
A(JXPathContext compilationContext, Object contextBean) {
super(compilationContext, contextBean);
}
void foo(JXPathContext context, String str, Object obj, Class<?> requiredType) {
JXPathContext.compile(str); // Sensitive
this.compilePath(str); // Sensitive
context.createPath(str); // Sensitive
context.createPathAndSetValue(str, obj); // Sensitive
context.getPointer(str); // Sensitive
context.getValue(str); // Sensitive
context.getValue(str, requiredType); // Sensitive
context.iterate(str); // Sensitive
context.iteratePointers(str); // Sensitive
context.removeAll(str); // Sensitive
context.removePath(str); // Sensitive
context.selectNodes(str); // Sensitive
context.selectSingleNode(str); // Sensitive
context.setValue(str, obj); // Sensitive
}
}
----
== See
* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection
* https://cwe.mitre.org/data/definitions/643[MITRE, CWE-643] - Improper Neutralization of Data within XPath Expressions
* https://wiki.sei.cmu.edu/confluence/x/cDZGBQ[CERT, IDS53-J.] - Prevent XPath Injection
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
'''
== Comments And Links
(visible only on this page)
=== on 17 Sep 2018, 18:55:00 Nicolas Harraudeau wrote:
Note: JXPath is a little different as it targets Beans and other objects but it should be as vulnerable.
=== on 9 May 2019, 15:59:45 Nicolas Harraudeau wrote:
This rule is deprecated for Java because it is handled by the taint analysis engine (RSPEC-2091).
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink