testanull

## LiferayParamUtilGetString.ql
class LiferayParamUtilGetString extends MethodAccess{
	LiferayParamUtilGetString(){
		exists(MethodAccess ma|
			ma.getMethod().hasName("getString")
			and ma.getMethod().getDeclaringType().hasName("ParamUtil")
			and this = ma
		)
	}
}

## LiferayParamUtilGetString2.ql
class LiferayParamUtilGetString2 extends MethodAccess{
	LiferayParamUtilGetString2(){
		this.getMethod().hasName("getString")
		and this.getMethod().getDeclaringType().hasName("ParamUtil")
	}
}

## isSource.ql
override predicate isSource(DataFlow::Node source) {
		source.asExpr().(MethodAccess) instanceof LiferayParamUtilGetString
}

## globaldataflow.ql
import semmle.code.java.dataflow.DataFlow

class MyDataFlowConfiguration extends DataFlow::Configuration {
  MyDataFlowConfiguration() { this = "MyDataFlowConfiguration" }

  override predicate isSource(DataFlow::Node source) {
    ...
  }

  override predicate isSink(DataFlow::Node sink) {

## Makefile.iot
export CONFIG_BCM_CPU_ARCH_NAME=mips32
export PROFILE=96838GWO
dpkg --add-architecture i386 && apt update && apt install -y locales nano git make autoconf gcc g++ xxd libz-dev wget file gcc-multilib g++-multilib autoconf
apt-get install libacl1-dev  libuuid1:i386 uuid-dev uuid-dev:i386 zlib1g-dev zlib1g-dev:i386 liblzo2-dev liblzo2-dev:i386 pkg-config flex bison

git clone https://github.com/weihutaisui/BCM/
find . -iname "*.pl" -exec chmod +x {} \;
find . -iname "*.sh" -exec chmod +x {} \;
find . -iname "configure" -exec chmod +x {} \;
find . -iname "gen_dt_bindings" -exec chmod +x {} \;

## codeql_err.log
PS D:\Research\semmle\vscode-codeql-starter\ql> codeql query compile ../ql/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
Compiling query plan for D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\Security\CWE\CWE-079\CgiXss.ql.
ERROR: extraneous input 'cached' expecting one of: 'or', ';' (D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\semmle\code\cpp\ir\implementation\aliased_ssa\internal\SSAConstruction.qll:45,3-9)
Failed [1/1] D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\Security\CWE\CWE-079\CgiXss.ql (3 s).
PS D:\Research\semmle\vscode-codeql-starter\ql> codeql query compile ../ql/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql --no-default-compilation-cache
Compiling query plan for D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\Security\CWE\CWE-079\CgiXss.ql.
ERROR: extraneous input 'cached' expecting one of: 'or', ';' (D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\semmle\code\cpp\ir\implementation\aliased_ssa\internal\SSAConstruction.qll:45,3-9)
Failed [1/1] D:\Research\sem

## Test0.java
import flex.messaging.io.SerializationContext;
import flex.messaging.io.amf.*;
import org.apache.commons.collections.LRUMap;

import java.io.*;

public class Test0 {
    public static void main(String[] args) throws Exception{
        LRUMap lruMap = new LRUMap();
        byte[] ser = serialize(lruMap);

## PoC_CVE-2021-28482.py
import requests
import time
import sys
from base64 import b64encode
from requests_ntlm2 import HttpNtlmAuth
from urllib3.exceptions import InsecureRequestWarning
from urllib import quote_plus

requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)

## PoC_CVE-2021–31474.json
POST /api/Action/TestAction HTTP/1.1
Host: <target>
Content-Length: 3978
Accept: application/json, text/javascript, */*; q=0.01
X-XSRF-TOKEN: <token>
X-Requested-With: XMLHttpRequest
ViewLimitationID: 0
User-Agent: Mozilla/5.0
Content-Type: application/json; charset=UTF-8
Cookie: <cookie>

## TomcatEchoInjectOpenAM.java
package ysoserial.payloads;

import com.sun.org.apache.xalan.internal.xsltc.DOM;
import com.sun.org.apache.xalan.internal.xsltc.TransletException;
import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet;
import com.sun.org.apache.xml.internal.dtm.DTMAxisIterator;
import com.sun.org.apache.xml.internal.serializer.SerializationHandler;
import org.apache.catalina.connector.Response;
import org.apache.catalina.connector.ResponseFacade;
import org.apache.catalina.core.ApplicationFilterChain;
	class LiferayParamUtilGetString extends MethodAccess{
	LiferayParamUtilGetString(){
	exists(MethodAccess ma\|
	ma.getMethod().hasName("getString")
	and ma.getMethod().getDeclaringType().hasName("ParamUtil")
	and this = ma
	)
	}
	}
	class LiferayParamUtilGetString2 extends MethodAccess{
	LiferayParamUtilGetString2(){
	this.getMethod().hasName("getString")
	and this.getMethod().getDeclaringType().hasName("ParamUtil")
	}
	}
	override predicate isSource(DataFlow::Node source) {
	source.asExpr().(MethodAccess) instanceof LiferayParamUtilGetString
	}
	import semmle.code.java.dataflow.DataFlow

	class MyDataFlowConfiguration extends DataFlow::Configuration {
	MyDataFlowConfiguration() { this = "MyDataFlowConfiguration" }

	override predicate isSource(DataFlow::Node source) {
	...
	}

	override predicate isSink(DataFlow::Node sink) {
	export CONFIG_BCM_CPU_ARCH_NAME=mips32
	export PROFILE=96838GWO
	dpkg --add-architecture i386 && apt update && apt install -y locales nano git make autoconf gcc g++ xxd libz-dev wget file gcc-multilib g++-multilib autoconf
	apt-get install libacl1-dev libuuid1:i386 uuid-dev uuid-dev:i386 zlib1g-dev zlib1g-dev:i386 liblzo2-dev liblzo2-dev:i386 pkg-config flex bison

	git clone https://github.com/weihutaisui/BCM/
	find . -iname "*.pl" -exec chmod +x {} \;
	find . -iname "*.sh" -exec chmod +x {} \;
	find . -iname "configure" -exec chmod +x {} \;
	find . -iname "gen_dt_bindings" -exec chmod +x {} \;
	PS D:\Research\semmle\vscode-codeql-starter\ql> codeql query compile ../ql/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
	Compiling query plan for D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\Security\CWE\CWE-079\CgiXss.ql.
	ERROR: extraneous input 'cached' expecting one of: 'or', ';' (D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\semmle\code\cpp\ir\implementation\aliased_ssa\internal\SSAConstruction.qll:45,3-9)
	Failed [1/1] D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\Security\CWE\CWE-079\CgiXss.ql (3 s).
	PS D:\Research\semmle\vscode-codeql-starter\ql> codeql query compile ../ql/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql --no-default-compilation-cache
	Compiling query plan for D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\Security\CWE\CWE-079\CgiXss.ql.
	ERROR: extraneous input 'cached' expecting one of: 'or', ';' (D:\Research\semmle\vscode-codeql-starter\ql\cpp\ql\src\semmle\code\cpp\ir\implementation\aliased_ssa\internal\SSAConstruction.qll:45,3-9)
	Failed [1/1] D:\Research\sem
	import flex.messaging.io.SerializationContext;
	import flex.messaging.io.amf.*;
	import org.apache.commons.collections.LRUMap;

	import java.io.*;

	public class Test0 {
	public static void main(String[] args) throws Exception{
	LRUMap lruMap = new LRUMap();
	byte[] ser = serialize(lruMap);
	import requests
	import time
	import sys
	from base64 import b64encode
	from requests_ntlm2 import HttpNtlmAuth
	from urllib3.exceptions import InsecureRequestWarning
	from urllib import quote_plus

	requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
	POST /api/Action/TestAction HTTP/1.1
	Host: <target>
	Content-Length: 3978
	Accept: application/json, text/javascript, /; q=0.01
	X-XSRF-TOKEN: <token>
	X-Requested-With: XMLHttpRequest
	ViewLimitationID: 0
	User-Agent: Mozilla/5.0
	Content-Type: application/json; charset=UTF-8
	Cookie: <cookie>
	package ysoserial.payloads;

	import com.sun.org.apache.xalan.internal.xsltc.DOM;
	import com.sun.org.apache.xalan.internal.xsltc.TransletException;
	import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet;
	import com.sun.org.apache.xml.internal.dtm.DTMAxisIterator;
	import com.sun.org.apache.xml.internal.serializer.SerializationHandler;
	import org.apache.catalina.connector.Response;
	import org.apache.catalina.connector.ResponseFacade;
	import org.apache.catalina.core.ApplicationFilterChain;