
Commit d7659a0

authored
Make ApacheHttpClientExecuteSSRF setup runtime-valid
1 parent dc86476 commit d7659a0

1 file changed

Lines changed: 154 additions & 2 deletions


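--- a/java/ql/test/query-tests/security/CWE-918/ApacheHttpClientExecuteSSRF.java
+++ b/java/ql/test/query-tests/security/CWE-918/ApacheHttpClientExecuteSSRF.java
@@ -1,11 +1,18 @@
 import java.io.IOException;
+import java.net.URI;
 
+import org.apache.http.Header;
+import org.apache.http.HeaderIterator;
 import org.apache.http.HttpHost;
 import org.apache.http.HttpRequest;
+import org.apache.http.HttpResponse;
+import org.apache.http.ProtocolVersion;
+import org.apache.http.RequestLine;
 import org.apache.http.client.HttpClient;
 import org.apache.http.client.ResponseHandler;
 import org.apache.http.client.methods.HttpUriRequest;
 import org.apache.http.message.BasicHttpRequest;
+import org.apache.http.params.HttpParams;
 import org.apache.http.protocol.HttpContext;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
@@ -22,9 +29,154 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
 
 HttpHost host = new HttpHost(sink);
 HttpRequest req = new BasicHttpRequest("GET", "/");
-HttpUriRequest uriReq = (HttpUriRequest) (Object) sink;
+HttpUriRequest uriReq = new HttpUriRequest() {
+@Override
+public String getMethod() {
+return "GET";
+}
+
+@Override
+public URI getURI() {
+return URI.create("https://" + sink);
+}
+
+@Override
+public void abort() throws UnsupportedOperationException {
+}
+
+@Override
+public boolean isAborted() {
+return false;
+}
+
+@Override
+public RequestLine getRequestLine() {
+return null;
+}
+
+@Override
+public ProtocolVersion getProtocolVersion() {
+return null;
+}
+
+@Override
+public boolean containsHeader(String name) {
+return false;
+}
+
+@Override
+public Header[] getHeaders(String name) {
+return null;
+}
+
+@Override
+public Header getFirstHeader(String name) {
+return null;
+}
+
+@Override
+public Header getLastHeader(String name) {
+return null;
+}
+
+@Override
+public Header[] getAllHeaders() {
+return null;
+}
+
+@Override
+public void addHeader(Header header) {
+}
+
+@Override
+public void addHeader(String name, String value) {
+}
+
+@Override
+public void setHeader(Header header) {
+}
+
+@Override
+public void setHeader(String name, String value) {
+}
+
+@Override
+public void setHeaders(Header[] headers) {
+}
+
+@Override
+public void removeHeader(Header header) {
+}
+
+@Override
+public void removeHeaders(String name) {
+}
+
+@Override
+public HeaderIterator headerIterator() {
+return null;
+}
+
+@Override
+public HeaderIterator headerIterator(String name) {
+return null;
+}
+
+@Override
+public HttpParams getParams() {
+return null;
+}
+
+@Override
+public void setParams(HttpParams params) {
+}
+};
 HttpContext context = null;
-HttpClient client = null;
+HttpClient client = new HttpClient() {
+@Override
+public HttpResponse execute(HttpHost target, HttpRequest request) throws IOException {
+return null;
+}
+
+@Override
+public HttpResponse execute(HttpHost target, HttpRequest request, HttpContext context) throws IOException {
+return null;
+}
+
+@Override
+public <T> T execute(HttpHost target, HttpRequest request, ResponseHandler<? extends T> responseHandler)
+throws IOException {
+return null;
+}
+
+@Override
+public <T> T execute(HttpHost target, HttpRequest request, ResponseHandler<? extends T> responseHandler,
+HttpContext context) throws IOException {
+return null;
+}
+
+@Override
+public HttpResponse execute(HttpUriRequest request) throws IOException {
+return null;
+}
+
+@Override
+public HttpResponse execute(HttpUriRequest request, HttpContext context) throws IOException {
+return null;
+}
+
+@Override
+public <T> T execute(HttpUriRequest request, ResponseHandler<? extends T> responseHandler)
+throws IOException {
+return null;
+}
+
+@Override
+public <T> T execute(HttpUriRequest request, ResponseHandler<? extends T> responseHandler,
+HttpContext context) throws IOException {
+return null;
+}
+};
 ResponseHandler<Object> handler = null;
 
 client.execute(host, req); // $ Alert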
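Review bot: The new `getURI()` builds the target with `URI.create("https://" + sink)`, which throws IllegalArgumentException for any `sink` value that is not a syntactically valid URI suffix (spaces, unescaped characters), so the setup is only "runtime-valid" for well-formed inputs; if `sink` is meant to model attacker-controlled data, say so next to that line, e.g. `// URI.create rejects malformed input; the test only needs a compilable, taint-carrying HttpUriRequest`. The rewrite also changes how taint reaches `uriReq`: it is no longer a cast of `sink` but an anonymous class that captures `sink` and exposes it through a virtual `getURI()` call, so any `client.execute(uriReq, ...)` expectations later in `doGet` (outside this hunk) now depend on the query following flow through a captured local rather than a direct assignment, which is worth a one-line comment at the `uriReq` declaration. Within the stub, `getRequestLine()` and `getProtocolVersion()` return null while `getMethod()`/`getURI()` are populated, which is inconsistent for a request object a real client would inspect; since `client` is itself a stub whose `execute` methods all return null this is harmless here, but a comment stating that the stubs exist only to make the flow compile would prevent someone from reusing them against a real client. `doGet` begins before this hunk and continues after it.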
