conikeec · December 17, 2019 07:12
diff --git a/step_two.scala b/step_two.scala
 //define the source function and attacker controlled vector (which is the email address parameter)
 val source = cpg.method.fullNameExact("org.baeldung.web.controller.RegistrationController.resetPasswordBad:org.baeldung.web.util.GenericResponse(javax.servlet.http.HttpServletRequest,java.lang.String)").parameter.evalType("java.lang.String")

 // The DB lookup function is a part of the IUserService interface, implemented by UserService here https://github.com/conikeec/spring-security-registration/blob/master/src/main/java/org/baeldung/service/UserService.java#L136
 val DB_LOOKUP_FN_EXPR = ".*findUserByEmail.*"

 //define the sink function that participates in the data flow
 val sink = cpg.method.name(DB_LOOKUP_FN_EXPR).parameter.evalType("java.lang.String")

 // Verify BUSINESS LOGIC FLAW check to determine if attack controller vector (email) is caseFolded prior to DB lookup
 sink.reachableBy(source).flows.passes(_.isCall.name(".*toLowerCase.*")).p

  """ _____________________________________________________________________________________________________________________
 | tracked                | lineNumber| method               | file                                                   |
 |====================================================================================================================|
 | userEmail              | 134       | resetPasswordBad     | org/baeldung/web/controller/RegistrationController.java|
 | userEmail              | 135       | resetPasswordBad     | org/baeldung/web/controller/RegistrationController.java|
 | this                   | N/A       | toLowerCase          | java/lang/String.java                                  |
 | ret                    | N/A       | toLowerCase          | java/lang/String.java                                  |
 | userEmail.toLowerCase()| 135       | resetPasswordBad     | org/baeldung/web/controller/RegistrationController.java|
 | param1                 | N/A       | <operator>.assignment| N/A                                                    |
 | param0                 | N/A       | <operator>.assignment| N/A                                                    |
 | $r1                    | 135       | resetPasswordBad     | org/baeldung/web/controller/RegistrationController.java|
 | $r1                    | 135       | resetPasswordBad     | org/baeldung/web/controller/RegistrationController.java|
 | param0                 | N/A       | findUserByEmail      | org/baeldung/service/IUserService.java                 |
 """
	//define the source function and attacker controlled vector (which is the email address parameter)
	val source = cpg.method.fullNameExact("org.baeldung.web.controller.RegistrationController.resetPasswordBad:org.baeldung.web.util.GenericResponse(javax.servlet.http.HttpServletRequest,java.lang.String)").parameter.evalType("java.lang.String")

	// The DB lookup function is a part of the IUserService interface, implemented by UserService here https://github.com/conikeec/spring-security-registration/blob/master/src/main/java/org/baeldung/service/UserService.java#L136
	val DB_LOOKUP_FN_EXPR = ".findUserByEmail."

	//define the sink function that participates in the data flow
	val sink = cpg.method.name(DB_LOOKUP_FN_EXPR).parameter.evalType("java.lang.String")

	// Verify BUSINESS LOGIC FLAW check to determine if attack controller vector (email) is caseFolded prior to DB lookup
	sink.reachableBy(source).flows.passes(_.isCall.name(".toLowerCase.")).p

	""" _____________________________________________________________________________________________________________________
	\| tracked \| lineNumber\| method \| file \|
	\|====================================================================================================================\|
	\| userEmail \| 134 \| resetPasswordBad \| org/baeldung/web/controller/RegistrationController.java\|
	\| userEmail \| 135 \| resetPasswordBad \| org/baeldung/web/controller/RegistrationController.java\|
	\| this \| N/A \| toLowerCase \| java/lang/String.java \|
	\| ret \| N/A \| toLowerCase \| java/lang/String.java \|
	\| userEmail.toLowerCase()\| 135 \| resetPasswordBad \| org/baeldung/web/controller/RegistrationController.java\|
	\| param1 \| N/A \| <operator>.assignment\| N/A \|
	\| param0 \| N/A \| <operator>.assignment\| N/A \|
	\| $r1 \| 135 \| resetPasswordBad \| org/baeldung/web/controller/RegistrationController.java\|
	\| $r1 \| 135 \| resetPasswordBad \| org/baeldung/web/controller/RegistrationController.java\|
	\| param0 \| N/A \| findUserByEmail \| org/baeldung/service/IUserService.java \|
	"""