Secure Code Review Fundamentals

Common Classes [Java]

A snippet of the code which will be used to demonstrate the examples. Both files come from the deliberately vulnerable ScaleSec vulnado application; BadRequest is an exception class defined elsewhere in the same package.

// SOURCE: https://github.com/ScaleSec/vulnado
// File: LinkLister.java

package com.scalesec.vulnado;

import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.nodes.Element;
import org.jsoup.select.Elements;
import java.util.ArrayList;
import java.util.List;
import java.io.IOException;
import java.net.*;


public class LinkLister {
  // Fetches the given URL with Jsoup and returns every absolute href found on the page.
  public static List<String> getLinks(String url) throws IOException {
    List<String> result = new ArrayList<String>();
    Document doc = Jsoup.connect(url).get();
    Elements links = doc.select("a");
    for (Element link : links) {
      result.add(link.absUrl("href"));
    }
    return result;
  }

  // Rejects URLs whose host string starts with a private-range prefix, then delegates to getLinks.
  public static List<String> getLinksV2(String url) throws BadRequest {
    try {
      URL aUrl = new URL(url);
      String host = aUrl.getHost();
      System.out.println(host);
      if (host.startsWith("172.") || host.startsWith("192.168") || host.startsWith("10.")) {
        throw new BadRequest("Use of Private IP");
      } else {
        return getLinks(url);
      }
    } catch (Exception e) {
      throw new BadRequest(e.getMessage());
    }
  }
}

// SOURCE: https://github.com/ScaleSec/vulnado
// File: LinksController.java

package com.scalesec.vulnado;

import org.springframework.boot.*;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.*;
import org.springframework.boot.autoconfigure.*;
import java.util.List;
import java.io.Serializable;
import java.io.IOException;


@RestController
@EnableAutoConfiguration
public class LinksController {
  // HTTP entry point: the url query parameter is passed straight to LinkLister.getLinks.
  @RequestMapping(value = "/links", produces = "application/json")
  List<String> links(@RequestParam String url) throws IOException {
    return LinkLister.getLinks(url);
  }

  // HTTP entry point for the filtered variant.
  @RequestMapping(value = "/links-v2", produces = "application/json")
  List<String> linksV2(@RequestParam String url) throws BadRequest {
    return LinkLister.getLinksV2(url);
  }
}

Common Classes and their use-cases

Method - Represents every method declared in the database (the codebase being analysed). The query below selects the single method getLinksV2 of LinkLister:

import java

from Method m
where m.hasQualifiedName("com.scalesec.vulnado", "LinkLister", "getLinksV2")
select m

Common predicates of the Method class:

  • hasQualifiedName(package, type, name) - Holds when the method has the given name and is declared in the given class and package, so it restricts a Method variable to one specific method.

  • getCallee() - Returns the methods that this method calls (its callees).

  • getDeclaringType() - Returns the class or interface in which this method is declared.

MethodAccess - Represents every call of a method, that is, each place in the code where a method is invoked with a list of arguments. The query below selects every call of LinkLister.getLinksV2:

import java

from MethodAccess m
where m.getMethod().hasQualifiedName("com.scalesec.vulnado", "LinkLister", "getLinksV2")
select m

Common predicates of the MethodAccess class:

  • getMethod() - Returns the Method that is being called, so the Method predicates listed above can be applied to it.

  • getCaller() - Returns the callable (method or constructor) whose body contains this call.
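The following query is an added example, not part of the original page or the vulnado project; it combines the Method and MethodAccess predicates described in both sections above in the way a reviewer would actually use them: starting from the Spring handler methods in LinksController, it reports which handlers can reach the Jsoup.connect call, the place where the application makes an outbound HTTP request. It uses the standard CodeQL Java library (import java) and the Callable predicate getACallee(), with + for transitive closure to follow the call graph through getLinksV2 into getLinks; the predicate names isJsoupConnect and isRequestHandler are my own.

```ql
import java

/** Holds if `sink` is a call to `org.jsoup.Jsoup.connect(String)`, the outbound-request sink in this sample. */
predicate isJsoupConnect(MethodAccess sink) {
  sink.getMethod().hasQualifiedName("org.jsoup", "Jsoup", "connect")
}

/** Holds if `entry` is a Spring handler method, i.e. a method annotated with `@RequestMapping`. */
predicate isRequestHandler(Method entry) {
  entry.getAnAnnotation().getType().hasQualifiedName("org.springframework.web.bind.annotation", "RequestMapping")
}

from Method entry, MethodAccess sink, Method sinkOwner
where
  isRequestHandler(entry) and
  isJsoupConnect(sink) and
  // getCaller() gives the method whose body contains the Jsoup.connect call (getLinks here).
  sinkOwner = sink.getCaller() and
  // Either the handler itself contains the sink, or it reaches it through one or more calls.
  (entry = sinkOwner or entry.getACallee+() = sinkOwner)
select entry,
  entry.getDeclaringType().getQualifiedName() + "." + entry.getName() + " reaches an outbound request in",
  sinkOwner.getName(),
  sink
```

Run against a database built from the two files above, this should return two rows: LinksController.links reaches the sink directly through getLinks, and LinksController.linksV2 reaches it through getLinksV2 and then getLinks. The result is call-graph reachability only; it says nothing about whether the url request parameter actually flows into the connect argument, which is what a taint-tracking query would establish. Note also that recent releases of the CodeQL Java library rename MethodAccess to MethodCall, keeping MethodAccess as a deprecated alias.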

Last updated 3 years ago