Java: rename 'UnsafeUrlForward' to 'UrlForward'

2026-04-26 09:15:12 +02:00 · 2023-12-01 08:56:20 -05:00
parent 6e7c05467b
commit 09bc21dbd3
11 changed files with 57 additions and 57 deletions
--- a/java/ql/test/query-tests/security/CWE-552/UnsafeRequestPath.java
+++ b/java/ql/test/query-tests/security/CWE-552/UnsafeRequestPath.java
@@ -20,7 +20,7 @@ public class UnsafeRequestPath implements Filter {
 		String path = ((HttpServletRequest) request).getServletPath();
 		// A sample payload "/%57EB-INF/web.xml" can bypass this `startsWith` check
 		if (path != null && !path.startsWith("/WEB-INF")) {
-			request.getRequestDispatcher(path).forward(request, response); // $ hasUnsafeUrlForward
+			request.getRequestDispatcher(path).forward(request, response); // $ hasUrlForward
 		} else {
 			chain.doFilter(request, response);
 		}
--- a/java/ql/test/query-tests/security/CWE-552/UnsafeServletRequestDispatch.java
+++ b/java/ql/test/query-tests/security/CWE-552/UnsafeServletRequestDispatch.java
@@ -29,7 +29,7 @@ public class UnsafeServletRequestDispatch extends HttpServlet {
 			rd.forward(request, response);
 		} else {
 			ServletContext sc = cfg.getServletContext();
-			RequestDispatcher rd = sc.getRequestDispatcher(returnURL); // $ hasUnsafeUrlForward
+			RequestDispatcher rd = sc.getRequestDispatcher(returnURL); // $ hasUrlForward
 			rd.forward(request, response);
 		}
 	}
@@ -45,7 +45,7 @@ public class UnsafeServletRequestDispatch extends HttpServlet {
 			RequestDispatcher rd = request.getRequestDispatcher("/Login.jsp");
 			rd.forward(request, response);
 		} else {
-			RequestDispatcher rd = request.getRequestDispatcher(returnURL); // $ hasUnsafeUrlForward
+			RequestDispatcher rd = request.getRequestDispatcher(returnURL); // $ hasUrlForward
 			rd.forward(request, response);
 		}
 	}
@@ -73,7 +73,7 @@ public class UnsafeServletRequestDispatch extends HttpServlet {
 		// A sample payload "/pages/welcome.jsp/../WEB-INF/web.xml" can bypass the `startsWith` check
 		// The payload "/pages/welcome.jsp/../../%57EB-INF/web.xml" can bypass the check as well since RequestDispatcher will decode `%57` as `W`
 		if (path.startsWith(BASE_PATH)) {
-			request.getServletContext().getRequestDispatcher(path).include(request, response); // $ hasUnsafeUrlForward
+			request.getServletContext().getRequestDispatcher(path).include(request, response); // $ hasUrlForward
 		}
 	}

@@ -110,7 +110,7 @@ public class UnsafeServletRequestDispatch extends HttpServlet {
 		Path requestedPath = Paths.get(BASE_PATH).resolve(path).normalize();

 		if (!requestedPath.startsWith("/WEB-INF") && !requestedPath.startsWith("/META-INF")) {
-			request.getServletContext().getRequestDispatcher(requestedPath.toString()).forward(request, response); // $ MISSING: hasUnsafeUrlForward
+			request.getServletContext().getRequestDispatcher(requestedPath.toString()).forward(request, response); // $ MISSING: hasUrlForward
 		}
 	}

--- a/java/ql/test/query-tests/security/CWE-552/UnsafeUrlForwardTest.ql
+++ b/java/ql/test/query-tests/security/CWE-552/UnsafeUrlForwardTest.ql
@@ -1,18 +0,0 @@
-import java
-import TestUtilities.InlineExpectationsTest
-import semmle.code.java.security.UnsafeUrlForwardQuery
-
-module UnsafeUrlForwardTest implements TestSig {
-  string getARelevantTag() { result = "hasUnsafeUrlForward" }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "hasUnsafeUrlForward" and
-    exists(UnsafeUrlForwardFlow::PathNode sink | UnsafeUrlForwardFlow::flowPath(_, sink) |
-      location = sink.getNode().getLocation() and
-      element = sink.getNode().toString() and
-      value = ""
-    )
-  }
-}
-
-import MakeTest<UnsafeUrlForwardTest>
--- a/java/ql/test/query-tests/security/CWE-552/UnsafeUrlForwardTest.expected
+++ b/java/ql/test/query-tests/security/CWE-552/UnsafeUrlForwardTest.expected
--- a/java/ql/test/query-tests/security/CWE-552/UnsafeUrlForward.java
+++ b/java/ql/test/query-tests/security/CWE-552/UnsafeUrlForward.java
@@ -7,35 +7,35 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.servlet.ModelAndView;

@Controller
-public class UnsafeUrlForward {
+public class UrlForwardTest {

 	@GetMapping("/bad1")
 	public ModelAndView bad1(String url) {
-		return new ModelAndView(url); // $ hasUnsafeUrlForward
+		return new ModelAndView(url); // $ hasUrlForward
 	}

 	@GetMapping("/bad2")
 	public ModelAndView bad2(String url) {
 		ModelAndView modelAndView = new ModelAndView();
-		modelAndView.setViewName(url); // $ hasUnsafeUrlForward
+		modelAndView.setViewName(url); // $ hasUrlForward
 		return modelAndView;
 	}

 	@GetMapping("/bad3")
 	public String bad3(String url) {
-		return "forward:" + url + "/swagger-ui/index.html"; // $ hasUnsafeUrlForward
+		return "forward:" + url + "/swagger-ui/index.html"; // $ hasUrlForward
 	}

 	@GetMapping("/bad4")
 	public ModelAndView bad4(String url) {
-		ModelAndView modelAndView = new ModelAndView("forward:" + url); // $ hasUnsafeUrlForward
+		ModelAndView modelAndView = new ModelAndView("forward:" + url); // $ hasUrlForward
 		return modelAndView;
 	}

 	@GetMapping("/bad5")
 	public void bad5(String url, HttpServletRequest request, HttpServletResponse response) {
 		try {
-			request.getRequestDispatcher(url).include(request, response); // $ hasUnsafeUrlForward
+			request.getRequestDispatcher(url).include(request, response); // $ hasUrlForward
 		} catch (ServletException e) {
 			e.printStackTrace();
 		} catch (IOException e) {
@@ -46,7 +46,7 @@ public class UnsafeUrlForward {
 	@GetMapping("/bad6")
 	public void bad6(String url, HttpServletRequest request, HttpServletResponse response) {
 		try {
-			request.getRequestDispatcher("/WEB-INF/jsp/" + url + ".jsp").include(request, response); // $ hasUnsafeUrlForward
+			request.getRequestDispatcher("/WEB-INF/jsp/" + url + ".jsp").include(request, response); // $ hasUrlForward
 		} catch (ServletException e) {
 			e.printStackTrace();
 		} catch (IOException e) {
@@ -57,7 +57,7 @@ public class UnsafeUrlForward {
 	@GetMapping("/bad7")
 	public void bad7(String url, HttpServletRequest request, HttpServletResponse response) {
 		try {
-			request.getRequestDispatcher("/WEB-INF/jsp/" + url + ".jsp").forward(request, response); // $ hasUnsafeUrlForward
+			request.getRequestDispatcher("/WEB-INF/jsp/" + url + ".jsp").forward(request, response); // $ hasUrlForward
 		} catch (ServletException e) {
 			e.printStackTrace();
 		} catch (IOException e) {
--- a/java/ql/test/query-tests/security/CWE-552/UrlForwardTest.ql
+++ b/java/ql/test/query-tests/security/CWE-552/UrlForwardTest.ql
@@ -0,0 +1,18 @@
+import java
+import TestUtilities.InlineExpectationsTest
+import semmle.code.java.security.UrlForwardQuery
+
+module UrlForwardTest implements TestSig {
+  string getARelevantTag() { result = "hasUrlForward" }
+
+  predicate hasActualResult(Location location, string element, string tag, string value) {
+    tag = "hasUrlForward" and
+    exists(UrlForwardFlow::PathNode sink | UrlForwardFlow::flowPath(_, sink) |
+      location = sink.getNode().getLocation() and
+      element = sink.getNode().toString() and
+      value = ""
+    )
+  }
+}
+
+import MakeTest<UrlForwardTest>