make the framework imports in FlowSources.qll private

2026-04-28 18:25:24 +02:00 · 2022-08-17 13:46:37 +02:00
parent 8066e39d07
commit 14d83ab1b5
5 changed files with 26 additions and 25 deletions
--- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
@@ -6,28 +6,28 @@ import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.dataflow.DefUse
-import semmle.code.java.frameworks.Jdbc
-import semmle.code.java.frameworks.Networking
-import semmle.code.java.frameworks.Properties
-import semmle.code.java.frameworks.Rmi
-import semmle.code.java.frameworks.Servlets
-import semmle.code.java.frameworks.ApacheHttp
-import semmle.code.java.frameworks.android.XmlParsing
-import semmle.code.java.frameworks.android.WebView
-import semmle.code.java.frameworks.JaxWS
-import semmle.code.java.frameworks.javase.WebSocket
-import semmle.code.java.frameworks.android.Android
-import semmle.code.java.frameworks.android.ExternalStorage
-import semmle.code.java.frameworks.android.OnActivityResultSource
-import semmle.code.java.frameworks.android.Intent
-import semmle.code.java.frameworks.play.Play
-import semmle.code.java.frameworks.spring.SpringWeb
-import semmle.code.java.frameworks.spring.SpringController
-import semmle.code.java.frameworks.spring.SpringWebClient
-import semmle.code.java.frameworks.Guice
-import semmle.code.java.frameworks.struts.StrutsActions
-import semmle.code.java.frameworks.Thrift
-import semmle.code.java.frameworks.javaee.jsf.JSFRenderer
+private import semmle.code.java.frameworks.Jdbc
+private import semmle.code.java.frameworks.Networking
+private import semmle.code.java.frameworks.Properties
+private import semmle.code.java.frameworks.Rmi
+private import semmle.code.java.frameworks.Servlets
+private import semmle.code.java.frameworks.ApacheHttp
+private import semmle.code.java.frameworks.android.XmlParsing
+private import semmle.code.java.frameworks.android.WebView
+private import semmle.code.java.frameworks.JaxWS
+private import semmle.code.java.frameworks.javase.WebSocket
+private import semmle.code.java.frameworks.android.Android
+private import semmle.code.java.frameworks.android.ExternalStorage
+private import semmle.code.java.frameworks.android.OnActivityResultSource
+private import semmle.code.java.frameworks.android.Intent
+private import semmle.code.java.frameworks.play.Play
+private import semmle.code.java.frameworks.spring.SpringWeb
+private import semmle.code.java.frameworks.spring.SpringController
+private import semmle.code.java.frameworks.spring.SpringWebClient
+private import semmle.code.java.frameworks.Guice
+private import semmle.code.java.frameworks.struts.StrutsActions
+private import semmle.code.java.frameworks.Thrift
+private import semmle.code.java.frameworks.javaee.jsf.JSFRenderer
 private import semmle.code.java.dataflow.ExternalFlow

 /** A data flow source of remote user input. */
--- a/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll
@@ -3,6 +3,7 @@
 import java
 private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSources
+private import semmle.code.java.dataflow.FlowSteps

 private class AndroidWidgetSourceModels extends SourceModelCsv {
  override predicate row(string row) {
--- a/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll
+++ b/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll
@@ -3,9 +3,8 @@
 import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.frameworks.Servlets
-import semmle.code.java.frameworks.JaxWS
 private import semmle.code.java.dataflow.ExternalFlow
+private import semmle.code.java.frameworks.Servlets

 /** A sink that is vulnerable to an HTTP header splitting attack. */
 abstract class HeaderSplittingSink extends DataFlow::Node { }
--- a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisCommonLib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisCommonLib.qll
@@ -7,6 +7,7 @@ import semmle.code.xml.MyBatisMapperXML
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.frameworks.MyBatis
 import semmle.code.java.frameworks.Properties
+private import semmle.code.java.Maps

 private predicate propertiesKey(DataFlow::Node prop, string key) {
  exists(MethodAccess m |
--- a/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.qll
@@ -3,7 +3,7 @@ import DataFlow
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.dataflow.DataFlow2
 import semmle.code.java.dataflow.TaintTracking
-import semmle.code.java.frameworks.spring.SpringController
+private import semmle.code.java.frameworks.spring.SpringController

 /**
 * A concatenate expression using the string `redirect:` or `ajaxredirect:` or `forward:` on the left.