hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add more test cases

Browse Source
This commit is contained in:
luchua-bc
2022-04-29 02:31:43 +00:00
parent 590b9d8519
commit 0aa1251ffe
10 changed files with 281 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll
View File

@@ -160,7 +160,7 @@ private class ServletGetPathSource extends SourceModelCsv {
}
}
/** Taint model related to `java.nio.file.Path`. */
/** Taint model related to `java.nio.file.Path` and `io.undertow.server.handlers.resource.Resource`. */
private class FilePathFlowStep extends SummaryModelCsv {
override predicate row(string row) {
row =
@@ -168,7 +168,9 @@ private class FilePathFlowStep extends SummaryModelCsv {
"java.nio.file;Paths;true;get;;;Argument[0..1];ReturnValue;taint",
"java.nio.file;Path;true;resolve;;;Argument[-1..0];ReturnValue;taint",
"java.nio.file;Path;true;normalize;;;Argument[-1];ReturnValue;taint",
"java.nio.file;Path;true;toString;;;Argument[-1];ReturnValue;taint"
"io.undertow.server.handlers.resource;Resource;true;getFile;;;Argument[-1];ReturnValue;taint",
"io.undertow.server.handlers.resource;Resource;true;getFilePath;;;Argument[-1];ReturnValue;taint",
"io.undertow.server.handlers.resource;Resource;true;getPath;;;Argument[-1];ReturnValue;taint"
]
}
}

2
java/ql/src/experimental/semmle/code/java/frameworks/Jsf.qll
View File

@@ -2,7 +2,7 @@
* Provides classes and predicates for working with the Java Server Faces (JSF).
*/
import semmle.code.java.Type
import java
/**
* The JSF class `ExternalContext` for processing HTTP requests.