Java: Model Spring @ResponseBody methods.
@@ -3,7 +3,7 @@ import semmle.code.java.Maps
|
||||
import SpringWeb
|
||||
|
||||
/**
|
||||
* An annotation type that identifies Spring components.
|
||||
* An annotation type that identifies Spring controllers.
|
||||
*/
|
||||
class SpringControllerAnnotation extends AnnotationType {
|
||||
SpringControllerAnnotation() {
|
||||
@@ -15,6 +15,17 @@ class SpringControllerAnnotation extends AnnotationType {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* An annotation type that identifies Spring rest controllers.
|
||||
*
|
||||
* Rest controllers are the same as controllers, but imply the @ResponseBody annotation.
|
||||
*/
|
||||
class SpringRestControllerAnnotation extends SpringControllerAnnotation {
|
||||
SpringRestControllerAnnotation() {
|
||||
hasName("RestController")
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A class annotated, directly or indirectly, as a Spring `Controller`.
|
||||
*/
|
||||
@@ -22,6 +33,13 @@ class SpringController extends Class {
|
||||
SpringController() { getAnAnnotation().getType() instanceof SpringControllerAnnotation }
|
||||
}
|
||||
|
||||
/**
|
||||
* A class annotated, directly or indirectly, as a Spring `RestController`.
|
||||
*/
|
||||
class SpringRestController extends SpringController {
|
||||
SpringRestController() { getAnAnnotation().getType() instanceof SpringRestControllerAnnotation }
|
||||
}
|
||||
|
||||
/**
|
||||
* A method on a Spring controller which is accessed by the Spring MVC framework.
|
||||
*/
|
||||
@@ -73,6 +91,16 @@ class SpringRequestMappingAnnotationType extends AnnotationType {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* An `AnnotationType` which is used to indicate a `ResponseBody`.
|
||||
*/
|
||||
class SpringResponseBodyAnnotationType extends AnnotationType {
|
||||
SpringResponseBodyAnnotationType() {
|
||||
// `@ResponseBody` used directly as an annotation.
|
||||
hasQualifiedName("org.springframework.web.bind.annotation", "ResponseBody")
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A method on a Spring controller that is executed in response to a web request.
|
||||
*/
|
||||
@@ -91,6 +119,15 @@ class SpringRequestMappingMethod extends SpringControllerMethod {
|
||||
SpringRequestMappingParameter getARequestParameter() {
|
||||
result = getAParameter()
|
||||
}
|
||||
|
||||
/** Holds if this is considered an @ResponseBody method. */
|
||||
predicate isResponseBody() {
|
||||
getAnAnnotation().getType() instanceof SpringResponseBodyAnnotationType
|
||||
or
|
||||
getDeclaringType().getAnAnnotation().getType() instanceof SpringResponseBodyAnnotationType
|
||||
or
|
||||
getDeclaringType() instanceof SpringRestController
|
||||
}
|
||||
}
|
||||
|
||||
/** A Spring framework annotation indicating remote user input from servlets. */
|
||||
|
||||
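Review bot: `SpringResponseBodyAnnotationType` matches only the literal `org.springframework.web.bind.annotation.ResponseBody` type, so a composed annotation that is itself meta-annotated with `@ResponseBody` is not recognised and `isResponseBody()` will not hold for handlers that use one. Any query that relies on this predicate to find methods whose return value is written to the HTTP response would silently miss those handlers. Adding a disjunct such as `or getAnAnnotation().getType() instanceof SpringResponseBodyAnnotationType` to the characteristic predicate would cover the meta-annotation case. Likewise, `SpringRestControllerAnnotation` is narrowed with `hasName("RestController")`, which compares the simple name only and, as far as can be told with the `SpringControllerAnnotation` body outside the hunk, leaves out custom annotations meta-annotated with `@RestController`; `hasQualifiedName("org.springframework.web.bind.annotation", "RestController")` plus the same recursive disjunct would be more precise.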