Merge pull request #4989 from lcartey/lcartey/spring-inheritence-improvements

Java: Track taint through Spring Java bean getters on super types
2026-05-03 04:39:29 +02:00 · 2021-02-03 15:06:03 +01:00
parent e3bdebf7a0 76c9b6466e
commit 0df7e9fa4e
1 changed files with 3 additions and 1 deletions
--- a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -345,7 +345,9 @@ private predicate taintPreservingQualifierToMethod(Method m) {
  m.getDeclaringType() instanceof TypeUri and
  m.hasName("toURL")
  or
-  m instanceof GetterMethod and m.getDeclaringType() instanceof SpringUntrustedDataType
+  m instanceof GetterMethod and
+  m.getDeclaringType().getASubtype*() instanceof SpringUntrustedDataType and
+  not m.getDeclaringType() instanceof TypeObject
  or
  m.getDeclaringType() instanceof SpringHttpEntity and
  m.getName().regexpMatch("getBody|getHeaders")