-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
v1ll4n
committed
Aug 5, 2024
1 parent
c9e82e2
commit 1189804
Showing
7 changed files
with
81 additions
and
2 deletions.
There are no files selected for viewing
12 changes: 12 additions & 0 deletions
12
java-mybatis-plus-mapper/java-mybatis-injection-checking.sf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| desc( | ||
| title: 'checking []', | ||
| type: audit | ||
| ) | ||
|
|
||
| // write your SyntaxFlow Rule, like: | ||
| // DocumentBuilderFactory.newInstance()...parse(* #-> * as $source) as $sink; // find some call chain for parse | ||
| // check $sink then 'find sink point' else 'No Found' // if not found sink, the rule will stop here and report error | ||
| // alert $source // record $source | ||
|
|
||
|
|
||
| // the template is generate by yak.ssa.syntaxflow command line |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| package com.mycompany.myapp; | ||
|
|
||
| public interface UserMapper { | ||
| User getUser(int id); | ||
| int insertUser(User user); | ||
| void updateUser(User user); | ||
| void deleteUser(int id); | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| <?xml version="1.0" encoding="UTF-8" ?> | ||
| <!DOCTYPE mapper | ||
| PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" | ||
| "http://mybatis.org/dtd/mybatis-3-mapper.dtd"> | ||
|
|
||
| <mapper namespace="com.mycompany.myapp.UserMapper"> | ||
| <resultMap id="UserResult" type="com.mycompany.myapp.User"> | ||
| <id property="id" column="id" /> | ||
| <result property="name" column="name" /> | ||
| <result property="email" column="email" /> | ||
| </resultMap> | ||
|
|
||
| <select id="getUser" resultMap="UserResult"> | ||
| SELECT * FROM User WHERE id = #{id} | ||
| </select> | ||
|
|
||
| <insert id="insertUser" useGeneratedKeys="true" keyProperty="id"> | ||
| INSERT INTO User (name, email) VALUES (#{name}, #{email}) | ||
| </insert> | ||
|
|
||
| <update id="updateUser"> | ||
| UPDATE User SET name=#{name}, email=#{email} WHERE id=#{id} | ||
| </update> | ||
|
|
||
| <delete id="deleteUser"> | ||
| DELETE FROM User WHERE id=#{id} | ||
| </delete> | ||
| </mapper> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <!DOCTYPE configuration PUBLIC "-//mybatis.org//DTD Config 3.0//EN" | ||
| "http://mybatis.org/dtd/mybatis-3-config.dtd"> | ||
| <configuration> | ||
| <environments default="development"> | ||
| <environment id="development"> | ||
| <transactionManager type="JDBC"/> | ||
| <dataSource type="POOLED"> | ||
| <property name="driver" value="com.mysql.jdbc.Driver"/> | ||
| <property name="url" value="jdbc:mysql://localhost:3306/mydatabase"/> | ||
| <property name="username" value="root"/> | ||
| <property name="password" value="password"/> | ||
| </dataSource> | ||
| </environment> | ||
| </environments> | ||
| <mappers> | ||
| <mapper resource="com/mycompany/myapp/BaseMapper.xml"/> | ||
| </mappers> | ||
| </configuration> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| desc( | ||
| title: 'checking []', | ||
| type: audit | ||
| ) | ||
|
|
||
| // Action.__ref__?{opcode: function}<getObject> as $actions; | ||
| .inherits?{have: ActionSupport}<getObject>.set*?{opcode: function} as $setter; | ||
| $setter<name><regexp("^set(\\w+)$", group=1)><strlower> as $name; | ||
| $setter<getObject><name>?{!have: ':' && !have: " " && !have: '='} as $class; | ||
|
|
||
|
|
||
| <fuzztag("{{class}}./(?i){{name}}/ as $entry")><eval>; |