@conikeec
Last active October 10, 2019 18:59
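// Source: the return value of every method named wrapStream
val source = serverCpg.method.name("wrapStream").methodReturn
// Sink: parameters of methods whose full name matches ObjectInputStream ... readObject
val sink = serverCpg.method.fullName(".*ObjectInputStream.*readObject.*").parameter
// Print each data flow by which a source value reaches the deserialization sink
val exploitiveFlow = sink.reachableBy(source).flows.p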
[main] INFO mainTasksSize: 1, reachedEndNode: 1,
res16: List[String] = List(
""" ________________________________________________________________________________________________________________________________________
| tracked | lineNumber| method | file |
|=======================================================================================================================================|
| ret | N/A | wrapStream | org/apache/logging/log4j/core/net/server/LogEventBridge.java |
| $r3.wrapStream(bais)| 137 | run | org/apache/logging/log4j/core/net/server/UdpSocketServer.java |
| param1 | N/A | <operator>.assignment| N/A |
| param0 | N/A | <operator>.assignment| N/A |
| $r5 | 137 | run | org/apache/logging/log4j/core/net/server/UdpSocketServer.java |
| $r5 | 137 | run | org/apache/logging/log4j/core/net/server/UdpSocketServer.java |
| inputStream | 34 | logEvents | org/apache/logging/log4j/core/net/server/ObjectInputStreamLogEventBridge.java|
| inputStream | 35 | logEvents | org/apache/logging/log4j/core/net/server/ObjectInputStreamLogEventBridge.java|
| this | N/A | readObject | java/io/ObjectInputStream.java |
"""
)