hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: convert SpringModelAndViewSink to MaD

Browse Source
This commit is contained in:
Jami Cogswell
2024-03-05 12:25:19 -05:00
parent 8d66097483
commit 1da1e896cb
4 changed files with 16 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
java/ql/lib/ext/org.springframework.web.portlet.model.yml Normal file
View File

@@ -0,0 +1,7 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["org.springframework.web.portlet", "ModelAndView", False, "ModelAndView", "", "", "Argument[0]", "url-forward", "manual"]
- ["org.springframework.web.portlet", "ModelAndView", False, "setViewName", "", "", "Argument[0]", "url-forward", "manual"]

7
java/ql/lib/ext/org.springframework.web.servlet.model.yml Normal file
View File

@@ -0,0 +1,7 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["org.springframework.web.servlet", "ModelAndView", False, "ModelAndView", "", "", "Argument[0]", "url-forward", "manual"]
- ["org.springframework.web.servlet", "ModelAndView", False, "setViewName", "", "", "Argument[0]", "url-forward", "manual"]

12
java/ql/lib/semmle/code/java/security/UnsafeUrlForward.qll
View File

@@ -15,18 +15,6 @@ private class DefaultUnsafeUrlForwardSink extends UnsafeUrlForwardSink {
DefaultUnsafeUrlForwardSink() { sinkNode(this, "url-forward") }
}
/** An argument to `new ModelAndView` or `ModelAndView.setViewName`. */
private class SpringModelAndViewSink extends UnsafeUrlForwardSink {
SpringModelAndViewSink() {
exists(ClassInstanceExpr cie |
cie.getConstructedType() instanceof ModelAndView and
cie.getArgument(0) = this.asExpr()
)
or
exists(SpringModelAndViewSetViewNameCall smavsvnc | smavsvnc.getArgument(0) = this.asExpr())
}
}
private class PrimitiveSanitizer extends UnsafeUrlForwardSanitizer {
PrimitiveSanitizer() {
this.getType() instanceof PrimitiveType or

4
shared/mad/codeql/mad/ModelValidation.qll
View File

@@ -33,8 +33,8 @@ module KindValidation<KindValidationConfigSig Config> {
"bean-validation", "fragment-injection", "groovy-injection", "hostname-verification",
"information-leak", "intent-redirection", "jexl-injection", "jndi-injection",
"mvel-injection", "notification", "ognl-injection", "pending-intents",
"response-splitting", "trust-boundary-violation", "template-injection", "xpath-injection",
"xslt-injection",
"response-splitting", "trust-boundary-violation", "template-injection", "url-forward",
"xpath-injection", "xslt-injection",
// JavaScript-only currently, but may be shared in the future
"mongodb.sink", "nosql-injection", "unsafe-deserialization",
// Swift-only currently, but may be shared in the future