Diffstat (limited to 'sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/ExpressionLanguageInjection.kt')
-rw-r--r-- | sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/ExpressionLanguageInjection.kt | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/ExpressionLanguageInjection.kt b/sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/ExpressionLanguageInjection.kt
index 9b1e8ca6..1dc1d5f0 100644
--- a/sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/ExpressionLanguageInjection.kt
+++ b/sanitizers/src/main/java/com/code_intelligence/jazzer/sanitizers/ExpressionLanguageInjection.kt
@@ -24,7 +24,7 @@ import java.lang.invoke.MethodHandle
 /**
 * Detects injectable inputs to an expression language interpreter which may lead to remote code execution.
 */
-@Suppress("unused_parameter")
+@Suppress("unused_parameter", "unused")
 object ExpressionLanguageInjection {
 /**
@@ -44,6 +44,16 @@ object ExpressionLanguageInjection {
 targetClassName = "javax.el.ExpressionFactory",
 targetMethod = "createMethodExpression",
 ),
+ MethodHook(
+ type = HookType.BEFORE,
+ targetClassName = "jakarta.el.ExpressionFactory",
+ targetMethod = "createValueExpression",
+ ),
+ MethodHook(
+ type = HookType.BEFORE,
+ targetClassName = "jakarta.el.ExpressionFactory",
+ targetMethod = "createMethodExpression",
+ ),
 )
 @JvmStatic
 fun hookElExpressionFactory(
@@ -52,10 +62,8 @@ object ExpressionLanguageInjection {
 arguments: Array<Any>,
 hookId: Int
 ) {
- if (arguments[1] is String) {
- val expression = arguments[1] as String
- Jazzer.guideTowardsContainment(expression, EXPRESSION_LANGUAGE_ATTACK, hookId)
- }
+ val expression = arguments[1] as? String ?: return
+ Jazzer.guideTowardsContainment(expression, EXPRESSION_LANGUAGE_ATTACK, hookId)
 }
 // With default configurations the argument to |
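Review bot: The early return in `hookElExpressionFactory` (last hunk) silently skips any call whose second argument is not a String, and nothing on the new side says why. The hooks in the second hunk are registered by class and method name only, so they presumably also match overloads such as `createValueExpression(Object, Class)`, which carry no expression string. A one-line comment would record that, e.g. `// Overloads whose second argument is not a String carry no expression to check.` Separately, `arguments[1]` is indexed without a length check; `val expression = arguments.getOrNull(1) as? String ?: return` would keep the sanitizer from throwing inside the fuzzed call if a matched method ever had fewer than two parameters. The function's signature begins outside this hunk.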