
Commit a9f107c

committed
Added missing "GOOD" and "BAD" to some examples
1 parent 180782d commit a9f107c


41 files changed

+47
-36
lines changed

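--- a/java/ql/src/Security/CWE/CWE-020/ExternalAPITaintStepExample.java
+++ b/java/ql/src/Security/CWE/CWE-020/ExternalAPITaintStepExample.java
@@ -4,6 +4,7 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
 
 StringBuilder sqlQueryBuilder = new StringBuilder();
 sqlQueryBuilder.append("SELECT * FROM user WHERE user_id='");
+// BAD: a request parameter is concatenated directly into a SQL query
 sqlQueryBuilder.append(request.getParameter("user_id"));
 sqlQueryBuilder.append("'");
 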
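Review bot: The new comment above the `request.getParameter("user_id")` append names the defect but not the remedy, and since this file is the documentation example for the query a reader will come here looking for the safe form. I would extend it to `// BAD: a request parameter is concatenated directly into a SQL query; bind it with a PreparedStatement and a ? placeholder instead`. The enclosing doGet method starts and ends outside the hunk, so I cannot tell whether the built string is later executed or only shown as a taint step.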

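--- a/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalBad.java
+++ b/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalBad.java
@@ -1,6 +1,6 @@
 public class PartialPathTraversalBad {
 public void example(File dir, File parent) throws IOException {
-if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath())) {
+if (!dir.getCanonicalPath().startsWith(parent.getCanonicalPath())) { // BAD: dir.getCanonicalPath() not slash-terminated
 throw new IOException("Path traversal attempt: " + dir.getCanonicalPath());
 }
 }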
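Review bot: The new comment points at the wrong operand: it is `parent.getCanonicalPath()` that lacks a trailing separator, which is why a sibling such as `/safe-evil` passes a plain string-prefix check against `/safe`; `dir`'s canonical path is the value under test, not the one that needs terminating. I would reword it to `// BAD: parent.getCanonicalPath() is not slash-terminated, so "/safe-evil" passes the check for "/safe"`. Comments inside query examples are what users copy, so the attribution matters.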

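--- a/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java
+++ b/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java
@@ -2,7 +2,7 @@
 
 public class PartialPathTraversalGood {
 public void example(File dir, File parent) throws IOException {
-if (!dir.toPath().normalize().startsWith(parent.toPath())) {
+if (!dir.toPath().normalize().startsWith(parent.toPath())) { // GOOD: Check if dir.Path() is normalised
 throw new IOException("Path traversal attempt: " + dir.getCanonicalPath());
 }
 }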
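Review bot: The comment refers to `dir.Path()`, which is not a method on `File` (the line calls `dir.toPath()`), and normalisation is not what makes this version safe; `Path.startsWith` compares whole path elements, so `/safe-evil` no longer matches `/safe` the way a string prefix check does. I would reword it to `// GOOD: Path.startsWith compares whole path segments, so "/safe-evil" does not match "/safe"`. The `normalize()` call still earns a clause of its own, since it is what collapses `..` segments before the comparison.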

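--- a/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterfaceExample.java
+++ b/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterfaceExample.java
@@ -20,4 +20,4 @@ public String studentEmail(String studentName) {
 webview.loadData("", "text/html", null);
 
 String name = "Robert'; DROP TABLE students; --";
-webview.loadUrl("javascript:alert(exposedObject.studentEmail(\""+ name +"\"))");
+webview.loadUrl("javascript:alert(exposedObject.studentEmail(\""+ name +"\"))"); // BAD: Untrusted input loaded into WebView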
Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,2 @@
11
WebSettings settings = webview.getSettings();
2-
settings.setJavaScriptEnabled(false);
2+
settings.setJavaScriptEnabled(false); // GOOD: webview has JavaScript disabled
Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,2 @@
11
WebSettings settings = webview.getSettings();
2-
settings.setJavaScriptEnabled(true);
2+
settings.setJavaScriptEnabled(true); // BAD: webview has JavaScript enabled
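Review bot: `setJavaScriptEnabled(true)` is not a defect on its own, since most WebViews need it, so a bare `// BAD: webview has JavaScript enabled` reads as a blanket prohibition. This snippet's file header is not visible here, but if it pairs with the `addJavascriptInterface` example above, the comment should say so, e.g. `// BAD: JavaScript enabled on a WebView that exposes a Java object via addJavascriptInterface`. The matching GOOD snippet would then benefit from the same qualifier.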

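--- a/java/ql/src/Security/CWE/CWE-094/GroovyInjectionBad.java
+++ b/java/ql/src/Security/CWE/CWE-094/GroovyInjectionBad.java
@@ -2,26 +2,26 @@ public class GroovyInjection {
 void injectionViaClassLoader(HttpServletRequest request) {
 String script = request.getParameter("script");
 final GroovyClassLoader classLoader = new GroovyClassLoader();
-Class groovy = classLoader.parseClass(script);
+Class groovy = classLoader.parseClass(script); // BAD: Groovy code injection
 GroovyObject groovyObj = (GroovyObject) groovy.newInstance();
 }
 
 void injectionViaEval(HttpServletRequest request) {
 String script = request.getParameter("script");
-Eval.me(script);
+Eval.me(script); // BAD: Groovy code injection
 }
 
 void injectionViaGroovyShell(HttpServletRequest request) {
 GroovyShell shell = new GroovyShell();
 String script = request.getParameter("script");
-shell.evaluate(script);
+shell.evaluate(script); // BAD: Groovy code injection
 }
 
 void injectionViaGroovyShellGroovyCodeSource(HttpServletRequest request) {
 GroovyShell shell = new GroovyShell();
 String script = request.getParameter("script");
 GroovyCodeSource gcs = new GroovyCodeSource(script, "test", "Test");
-shell.evaluate(gcs);
+shell.evaluate(gcs); // BAD: Groovy code injection
 }
 }
 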
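Review bot: All four new comments carry the identical text `// BAD: Groovy code injection`, so none of them tells the reader what is tainted; in every method the value is `request.getParameter("script")`, compiled or evaluated verbatim. I would name the source at least once, e.g. `// BAD: a request parameter is compiled and run as Groovy code`, and keep the short form for the remaining sinks. In `injectionViaClassLoader` the comment sits on `parseClass`, but the class is also instantiated on the following line, which is presumably where any injected static initialiser would run; a clause saying the compile step is the sink would avoid confusion about which line the query flags.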

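--- a/java/ql/src/Security/CWE/CWE-094/InstallApkWithFile.java
+++ b/java/ql/src/Security/CWE/CWE-094/InstallApkWithFile.java
@@ -9,6 +9,6 @@
 File file = new File(Environment.getExternalStorageDirectory(), "myapp.apk");
 Intent intent = new Intent(Intent.ACTION_VIEW);
 /* Set the mimetype to APK */
-intent.setDataAndType(Uri.fromFile(file), "application/vnd.android.package-archive");
+intent.setDataAndType(Uri.fromFile(file), "application/vnd.android.package-archive"); // BAD: The file may be altered by another app
 
 startActivity(intent);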
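Review bot: The comment says the file may be altered by another app but not why; line 9 places `myapp.apk` under `Environment.getExternalStorageDirectory()`, shared storage that other apps with storage permission can write, so the APK can be swapped between the moment the app writes it and the moment the installer reads it. I would make that explicit: `// BAD: the APK lives on shared external storage, so another app can replace it before the installer reads it`. Separately, `Uri.fromFile` produces a `file:` URI, which apps targeting API 24 or later cannot hand to another process without a FileUriExposedException, so a reader should not take this line as merely racy rather than also non-functional on current targets.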

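--- a/java/ql/src/Security/CWE/CWE-094/InstallApkWithFileProvider.java
+++ b/java/ql/src/Security/CWE/CWE-094/InstallApkWithFileProvider.java
@@ -21,7 +21,7 @@
 
 /* Expose temporary file with FileProvider */
 File toInstall = new File(this.getFilesDir(), tempFilename);
-Uri applicationUri = FileProvider.getUriForFile(this, "com.example.apkprovider", toInstall);
+Uri applicationUri = FileProvider.getUriForFile(this, "com.example.apkprovider", toInstall); // GOOD: The file is protected by FileProvider
 
 /* Create Intent and set data to APK file. */
 Intent intent = new Intent(Intent.ACTION_INSTALL_PACKAGE);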
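Review bot: The comment credits FileProvider with protecting the file, but `getUriForFile` only mints a `content:` URI; the protection comes from line 23 placing the APK in `getFilesDir()`, app-private internal storage that other apps cannot write. I would reword it to `// GOOD: the APK is in app-private storage and is shared through a content: URI, so no other app can replace it`. The grant flags on the intent are outside the hunk, so I cannot confirm from here that the URI is handed out read-only, which the comment could also state once verified.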

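--- a/java/ql/src/Security/CWE/CWE-094/InstallApkWithPackageInstaller.java
+++ b/java/ql/src/Security/CWE/CWE-094/InstallApkWithPackageInstaller.java
@@ -1,3 +1,4 @@
+// GOOD: Package installed using PackageInstaller
 import android.content.Context;
 import android.content.Intent;
 import android.content.pm.PackageInstaller;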
