hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add remote user input sources for Spring servlets.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2018-10-24 14:54:42 +02:00
parent c78f3f8edf
commit 1d716ae461
3 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
java/ql/src/semmle/code/java/dataflow/FlowSources.qll
View File

@@ -16,6 +16,7 @@ import semmle.code.java.frameworks.android.XmlParsing
import semmle.code.java.frameworks.android.WebView
import semmle.code.java.frameworks.JaxWS
import semmle.code.java.frameworks.android.Intent
import semmle.code.java.frameworks.SpringWeb
/** Class for `tainted` user input. */
abstract class UserInput extends DataFlow::Node { }
@@ -66,6 +67,8 @@ class RemoteUserInput extends UserInput {
m.getParameter(4) = this.asParameter() or
m.getParameter(5) = this.asParameter()
)
or
this.asParameter().getAnAnnotation() instanceof SpringServletInputAnnotation
}
/**