Java: rename getMethod to getMethodValue

2026-04-17 21:14:02 +02:00 · 2025-01-08 18:22:19 -05:00
parent 20e8eb4323
commit 0462425191
2 changed files with 3 additions and 3 deletions
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll
@@ -157,7 +157,7 @@ class SpringRequestMappingMethod extends SpringControllerMethod {
  string getValue() { result = requestMappingAnnotation.getStringValue("value") }

  /** Gets the "method" @RequestMapping annotation value, if present. */
-  string getMethod() {
+  string getMethodValue() {
    result = requestMappingAnnotation.getAnEnumConstantArrayValue("method").getName()
  }

--- a/java/ql/lib/semmle/code/java/security/CsrfUnprotectedRequestTypeQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/CsrfUnprotectedRequestTypeQuery.qll
@@ -25,11 +25,11 @@ private class SpringCsrfUnprotectedMethod extends CsrfUnprotectedMethod instance
    or
    this.hasAnnotation("org.springframework.web.bind.annotation", "RequestMapping") and
    (
-      this.getMethod() = ["GET", "HEAD", "OPTIONS", "TRACE"]
+      this.getMethodValue() = ["GET", "HEAD", "OPTIONS", "TRACE"]
      or
      // If no request type is specified with `@RequestMapping`, then all request types
      // are possible, so we treat this as unsafe; example: @RequestMapping(value = "test").
-      not exists(this.getMethod())
+      not exists(this.getMethodValue())
    )
  }
 }