|
193 | 193 | },
|
194 | 194 |
|
195 | 195 |
|
196 |
| - { |
197 |
| - "comment": "Get an iterator to characters of a tainted string is a tainted iterator.", |
198 |
| - "class": "com.ibm.icu.text.RuleBasedCollator", |
199 |
| - "method": "getCollationElementIterator:(Ljava/lang/String;)Lcom/ibm/icu/text/CollationElementIterator;", |
200 |
| - "input": { |
201 |
| - "location": "arg1", |
202 |
| - "taint": "Tainted string" |
203 |
| - }, |
204 |
| - "result": { |
205 |
| - "location": "returns", |
206 |
| - "taint": "Tainted character iterator" |
207 |
| - } |
208 |
| - }, |
209 |
| - { |
210 |
| - "comment": "Tainted integer (character code) is obtained from iterator of tainted character sequence.", |
211 |
| - "class": "com.ibm.icu.text.CollationElementIterator", |
212 |
| - "method": "next:()I", |
213 |
| - "input": { |
214 |
| - "location": "this", |
215 |
| - "taint": "Tainted character iterator" |
216 |
| - }, |
217 |
| - "result": { |
218 |
| - "location": "returns", |
219 |
| - "taint": "Tainted integer" |
220 |
| - } |
221 |
| - }, |
222 |
| - { |
223 |
| - "comment": "Converting tainted integer to a tainted string.", |
224 |
| - "class": "java.lang.Integer", |
225 |
| - "method": "toString:(II)Ljava/lang/String;", |
226 |
| - "input": { |
227 |
| - "location": "arg0", |
228 |
| - "taint": "Tainted integer" |
229 |
| - }, |
230 |
| - "result": { |
231 |
| - "location": "returns", |
232 |
| - "taint": "Tainted string" |
233 |
| - } |
234 |
| - }, |
235 | 196 | {
|
236 | 197 | "comment": "Storing tainted string in a list; making the list tainted.",
|
237 | 198 | "class": "java.util.List",
|
|
257 | 218 | "location": "returns",
|
258 | 219 | "taint": "Tainted array"
|
259 | 220 | }
|
260 |
| - }, |
261 |
| - { |
262 |
| - "comment": "Converting tainted object to tainted string.", |
263 |
| - "class": "java.lang.Object", |
264 |
| - "method": "toString:()Ljava/lang/String;", |
265 |
| - "input": { |
266 |
| - "location": "this", |
267 |
| - "taint": "Tainted object" |
268 |
| - }, |
269 |
| - "result": { |
270 |
| - "location": "returns", |
271 |
| - "taint": "Tainted string" |
272 |
| - } |
273 |
| - }, |
274 |
| - { |
275 |
| - "comment": "Setting tainted string to SQL query statement.", |
276 |
| - "class": "java.sql.PreparedStatement", |
277 |
| - "method": "setString:(ILjava/lang/String;)V", |
278 |
| - "input": { |
279 |
| - "location": "arg2", |
280 |
| - "taint": "Tainted string" |
281 |
| - }, |
282 |
| - "result": { |
283 |
| - "location": "returns", |
284 |
| - "taint": "Tainted SQL query statement" |
285 |
| - } |
286 |
| - }, |
287 |
| - { |
288 |
| - "comment": "Setting tainted string to SQL query statement.", |
289 |
| - "class": "java.sql.PreparedStatement", |
290 |
| - "method": "setString:(ILjava/lang/String;)V", |
291 |
| - "input": { |
292 |
| - "location": "arg2", |
293 |
| - "taint": "Tainted object" |
294 |
| - }, |
295 |
| - "result": { |
296 |
| - "location": "this", |
297 |
| - "taint": "Tainted SQL query statement" |
298 |
| - } |
299 |
| - }, |
300 |
| - { |
301 |
| - "comment": "Using potentially tainted SQL query statement in a query to the database.", |
302 |
| - "class": "java.sql.PreparedStatement", |
303 |
| - "method": "execute:()Z", |
304 |
| - "sinkTarget": { |
305 |
| - "location": "this", |
306 |
| - "vulnerability": "Tainted SQL query statement" |
307 |
| - } |
308 |
| - }, |
309 |
| - |
310 |
| - |
311 |
| - |
312 |
| - { |
313 |
| - "comment": "Copying tainted objects in array as string to SQL query statement.", |
314 |
| - "class": "org.dspace.storage.rdbms.DatabaseManager", |
315 |
| - "method": "loadParameters:(Ljava/sql/PreparedStatement;[Ljava/lang/Object;)V", |
316 |
| - "input": { |
317 |
| - "location": "arg2", |
318 |
| - "taint": "Tainted array" |
319 |
| - }, |
320 |
| - "result": { |
321 |
| - "location": "returns", |
322 |
| - "taint": "Tainted SQL query statement" |
323 |
| - } |
324 | 221 | }
|
325 |
| - |
326 | 222 | ]
|
327 | 223 | }
|