CodeQL-Community-Packs/java/test/security/CWE-016/SpringBootActuators.java at 2b5b6ca6d12983a5c77d15ef74c23bc686e66dd6 · GitHubSecurityLab/CodeQL-Community-Packs · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;

public class SpringBootActuators {
  protected void configure(HttpSecurity http) throws Exception {
    http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests(requests -> requests.anyRequest().permitAll());
  }

  protected void configure2(HttpSecurity http) throws Exception {
    http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll();
  }

  protected void configure3(HttpSecurity http) throws Exception {
    http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll();
  }

  protected void configure4(HttpSecurity http) throws Exception {
    http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests().anyRequest().permitAll();
  }

  protected void configure5(HttpSecurity http) throws Exception {
    http.authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll();
  }

  protected void configure6(HttpSecurity http) throws Exception {
    http.authorizeRequests(requests -> requests.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll());
  }

  protected void configure7(HttpSecurity http) throws Exception {
    http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeRequests().anyRequest().permitAll();
  }

  protected void configureOk1(HttpSecurity http) throws Exception {
    http.requestMatcher(EndpointRequest.toAnyEndpoint());
  }

  protected void configureOk2(HttpSecurity http) throws Exception {
    http.requestMatchers().requestMatchers(EndpointRequest.toAnyEndpoint());
  }

  protected void configureOk3(HttpSecurity http) throws Exception {
    http.authorizeRequests().anyRequest().permitAll();
  }

  protected void configureOk4(HttpSecurity http) throws Exception {
    http.authorizeRequests(authz -> authz.anyRequest().permitAll());
  }

  protected void configureOkSafeEndpoints1(HttpSecurity http) throws Exception {
    http.requestMatcher(EndpointRequest.to("health", "info")).authorizeRequests(requests -> requests.anyRequest().permitAll());
  }

  protected void configureOkSafeEndpoints2(HttpSecurity http) throws Exception {
    http.requestMatcher(EndpointRequest.to("health")).authorizeRequests().requestMatchers(EndpointRequest.to("health")).permitAll();
  }

  protected void configureOkSafeEndpoints3(HttpSecurity http) throws Exception {
    http.requestMatchers(matcher -> EndpointRequest.to("health", "info")).authorizeRequests().requestMatchers(EndpointRequest.to("health", "info")).permitAll();
  }

  protected void configureOkSafeEndpoints4(HttpSecurity http) throws Exception {
    http.requestMatcher(EndpointRequest.to("health", "info")).authorizeRequests().anyRequest().permitAll();
  }

  protected void configureOkSafeEndpoints5(HttpSecurity http) throws Exception {
    http.authorizeRequests().requestMatchers(EndpointRequest.to("health", "info")).permitAll();
  }

  protected void configureOkSafeEndpoints6(HttpSecurity http) throws Exception {
    http.authorizeRequests(requests -> requests.requestMatchers(EndpointRequest.to("health", "info")).permitAll());
  }

  protected void configureOkSafeEndpoints7(HttpSecurity http) throws Exception {
    http.requestMatchers(matcher -> EndpointRequest.to("health", "info")).authorizeRequests().anyRequest().permitAll();
  }

  protected void configureOkNoPermitAll1(HttpSecurity http) throws Exception {
    http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests(requests -> requests.anyRequest());
  }

  protected void configureOkNoPermitAll2(HttpSecurity http) throws Exception {
    http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint());
  }

  protected void configureOkNoPermitAll3(HttpSecurity http) throws Exception {
    http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint());
  }

  protected void configureOkNoPermitAll4(HttpSecurity http) throws Exception {
    http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests().anyRequest();
  }

  protected void configureOkNoPermitAll5(HttpSecurity http) throws Exception {
    http.authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint());
  }

  protected void configureOkNoPermitAll6(HttpSecurity http) throws Exception {
    http.authorizeRequests(requests -> requests.requestMatchers(EndpointRequest.toAnyEndpoint()));
  }

  protected void configureOkNoPermitAll7(HttpSecurity http) throws Exception {
    http.requestMatchers(matcher -> EndpointRequest.toAnyEndpoint()).authorizeRequests().anyRequest();
  }
}