Java: Convert org.apache.http.Http*.get* methods to CSV based flow source

Tamas Vajk
2021-03-01 12:03:56 +01:00
parent 3c8ac5c789
commit 09b0d824b4
2 changed files with 4 additions and 3 deletions


@@ -136,7 +136,10 @@ private predicate sourceModelCsv(string row) {
// CookieGet*
"javax.servlet.http;Cookie;false;getValue;();;ReturnValue;remote",
"javax.servlet.http;Cookie;false;getName;();;ReturnValue;remote",
"javax.servlet.http;Cookie;false;getComment;();;ReturnValue;remote"
"javax.servlet.http;Cookie;false;getComment;();;ReturnValue;remote",
// ApacheHttp*
"org.apache.http;HttpMessage;false;getParams;();;ReturnValue;remote",
"org.apache.http;HttpEntity;false;getContent;();;ReturnValue;remote"
]
}
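Review bot: The two rows added under `// ApacheHttp*` set the subtypes column to `false`, and since `HttpMessage` and `HttpEntity` are interfaces, it is worth confirming that a call resolving to an override in an implementing class is still reported as a `remote` source. The removed `ApacheHttpGetParams` and `ApacheHttpEntityGetContent` classes are not defined on this page, so their exact matching cannot be compared with the rows here. A narrowing would only show up as missing taint-flow results, not as an error. If overrides are meant to be covered, the rows would read `"org.apache.http;HttpEntity;true;getContent;();;ReturnValue;remote"` and likewise for `getParams`. The diffstat lists only the two source files, so a test with an `HttpEntity.getContent()` source would pin the behaviour; `sourceModelCsv` begins above this hunk.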


@@ -216,8 +216,6 @@ private class RemoteTaintedMethod extends Method {
RemoteTaintedMethod() {
this instanceof PlayRequestGetMethod or
this instanceof SpringRestTemplateResponseEntityMethod or
this instanceof ApacheHttpGetParams or
this instanceof ApacheHttpEntityGetContent or
// In the setting of Android we assume that XML has been transmitted over
// the network, so may be tainted.
this instanceof XmlPullGetMethod or