Merge pull request diffblue#394 from diffblue/add_alfresco_rules

marek-trtik · web-flow · commit 4bfb1efbbf32 · 2018-04-27T17:54:51.000+01:00
Added rules file for Alfresco.
diff --git a/benchmarks/GENUINE/AlfrescoRules.json b/benchmarks/GENUINE/AlfrescoRules.json
@@ -0,0 +1,106 @@
+{
+  "namespace": "com.diffblue.security",
+  "rules":
+  [
+    {
+      "comment": "Global FacesContext is potentially tainted",
+      "class": "javax.faces.context.FacesContext",
+      "method": "getCurrentInstance:()Ljavax/faces/context/FacesContext;",
+      "result": {
+        "location": "returns",
+        "taint": "Tainted FacesContext"
+      }
+    },
+    {
+      "comment": "Tainted FacesContext gives a tainted ResponseWriter",
+      "class": "javax.faces.context.FacesContext",
+      "method": "getResponseWriter:()Ljavax/faces/context/ResponseWriter;",
+      "input": {
+        "location": "this",
+        "taint": "Tainted FacesContext"
+      },
+      "result": {
+        "location": "returns",
+        "taint": "Tainted ResponseWriter"
+      }
+    },
+    {
+      "comment": "A JSONWriter created from a tainted ResponseWriter is tainted",
+      "class": "org.springframework.extensions.webscripts.json.JSONWriter",
+      "method": "<init>:(Ljava/io/Writer;)V",
+      "input": {
+        "location": "arg1",
+        "taint": "Tainted ResponseWriter"
+      },
+      "result": {
+        "location": "this",
+        "taint": "Tainted JSONWriter"
+      }
+    },
+    {
+      "comment": "Tainted FacesContext gives a tainted ExternalContext",
+      "class": "javax.faces.context.FacesContext",
+      "method": "getExternalContext:()Ljavax/faces/context/ExternalContext;",
+      "input": {
+        "location": "this",
+        "taint": "Tainted FacesContext"
+      },
+      "result": {
+        "location": "returns",
+        "taint": "Tainted ExternalContext"
+      }
+    },
+    {
+      "comment": "Tainted ExternalContext gives a tainted parameter map",
+      "class": "javax.faces.context.ExternalContext",
+      "method": "getRequestParameterMap:()Ljava/util/Map;",
+      "input": {
+        "location": "this",
+        "taint": "Tainted ExternalContext"
+      },
+      "result": {
+        "location": "returns",
+        "taint": "Tainted Parameter Map"
+      }
+    },
+    {
+      "comment": "Get on a tainted map returns a tainted object",
+      "class": "java.util.Map",
+      "method": "get:(Ljava/lang/Object;)Ljava/lang/Object;",
+      "input": {
+        "location": "this",
+        "taint": "Tainted Parameter Map"
+      },
+      "result": {
+        "location": "returns",
+        "taint": "Tainted String"
+      }
+    },
+    {
+      "comment": "Writing a tainted string to a vulnerable JSONWriter is a sink",
+      "class": "org.springframework.extensions.webscripts.json.JSONWriter",
+      "method": "writeValue:(Ljava/lang/String;Ljava/lang/String;)Lorg/springframework/extensions/webscripts/json/JSONWriter;",
+      "input": {
+        "location": "arg1",
+        "taint": "Tainted String"
+      },
+      "sinkTarget": {
+        "location": "this",
+        "vulnerability": "Tainted JSONWriter"
+      }
+    },
+    {
+      "comment": "Writing a tainted string to a vulnerable JSONWriter is a sink",
+      "class": "org.springframework.extensions.webscripts.json.JSONWriter",
+      "method": "writeValue:(Ljava/lang/String;Ljava/lang/String;)Lorg/springframework/extensions/webscripts/json/JSONWriter;",
+      "input": {
+        "location": "arg2",
+        "taint": "Tainted String"
+      },
+      "sinkTarget": {
+        "location": "this",
+        "vulnerability": "Tainted JSONWriter"
+      }
+    }
+  ]
+}
