hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Convert SpringRestTemplateResponseEntityMethod to CSV based flow source

Browse Source
This commit is contained in:
Tamas Vajk
2021-03-01 13:11:25 +01:00
parent e0c51b510f
commit 193458eb3d
2 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll
View File

@@ -166,7 +166,11 @@ private predicate sourceModelCsv(string row) {
// The current URL in a browser may be untrusted or uncontrolled.
// WebViewGetUrlMethod
"android.webkit;WebView;false;getUrl;();;ReturnValue;remote",
"android.webkit;WebView;false;getOriginalUrl;();;ReturnValue;remote"
"android.webkit;WebView;false;getOriginalUrl;();;ReturnValue;remote",
// SpringRestTemplateResponseEntityMethod
"org.springframework.web.client;RestTemplate;false;exchange;;;ReturnValue;remote",
"org.springframework.web.client;RestTemplate;false;getForEntity;;;ReturnValue;remote",
"org.springframework.web.client;RestTemplate;false;postForEntity;;;ReturnValue;remote"
]
}

5
java/ql/src/semmle/code/java/dataflow/FlowSources.qll
View File

@@ -213,10 +213,7 @@ class DatabaseInput extends LocalUserInput {
}
private class RemoteTaintedMethod extends Method {
RemoteTaintedMethod() {
this instanceof PlayRequestGetMethod or
this instanceof SpringRestTemplateResponseEntityMethod
}
RemoteTaintedMethod() { this instanceof PlayRequestGetMethod }
}
private class PlayRequestGetMethod extends Method {