hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Delete RedirectBuilderFlowConfig

Browse Source
This commit is contained in:
haby0
2021-05-13 15:48:15 +08:00
parent effa2b162a
commit 02e415045f
1 changed files with 1 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.qll
View File

@@ -51,22 +51,11 @@ class SpringUrlRedirectSink extends DataFlow::Node {
exists(ClassInstanceExpr cie |
cie.getConstructedType().hasQualifiedName("org.springframework.web.servlet", "ModelAndView") and
cie.getArgument(0) = this.asExpr() and
exists(RedirectBuilderFlowConfig rstrbfc | rstrbfc.hasFlowToExpr(cie.getArgument(0)))
exists(RedirectBuilderExpr rbe | rbe.getRightOperand() = this.asExpr())
)
}
}
/** A data flow configuration tracing flow from remote sources to redirect builder expression. */
private class RedirectBuilderFlowConfig extends DataFlow2::Configuration {
RedirectBuilderFlowConfig() { this = "RedirectBuilderFlowConfig" }
override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) {
exists(RedirectBuilderExpr rbe | rbe.getRightOperand() = sink.asExpr())
}
}
/** A data flow configuration tracing flow from RedirectView object to calling setUrl method. */
private class RedirectViewFlowConfig extends DataFlow2::Configuration {
RedirectViewFlowConfig() { this = "RedirectViewFlowConfig" }