Merge pull request #3543 from porcupineyhairs/WebsocketReadAsSource

Java: add websocket reads as remote flow source.

java/ql/src/semmle/code/java/dataflow/FlowSources.qll

@@ -15,6 +15,7 @@ import semmle.code.java.frameworks.ApacheHttp
 import semmle.code.java.frameworks.android.XmlParsing
 import semmle.code.java.frameworks.android.WebView
 import semmle.code.java.frameworks.JaxWS
+import semmle.code.java.frameworks.javase.WebSocket
 import semmle.code.java.frameworks.android.Intent
 import semmle.code.java.frameworks.spring.SpringWeb
 import semmle.code.java.frameworks.spring.SpringController
@@ -155,6 +156,14 @@ private class ThriftIfaceParameterSource extends RemoteFlowSource {
   override string getSourceType() { result = "Thrift Iface parameter" }
 }
 
+private class WebSocketMessageParameterSource extends RemoteFlowSource {
+  WebSocketMessageParameterSource() {
+    exists(WebsocketOnText t | t.getParameter(1) = this.asParameter())
+  }
+
+  override string getSourceType() { result = "Websocket onText parameter" }
+}
+
 /** Class for `tainted` user input. */
 abstract class UserInput extends DataFlow::Node { }
 

java/ql/src/semmle/code/java/frameworks/javase/WebSocket.qll

@@ -0,0 +1,21 @@
+/**
+ * Provides classes for identifying methods called by the Java SE WebSocket package.
+ */
+
+import java
+
+/** The `java.net.http.Websocket.Listener` interface. */
+class WebsocketListener extends Interface {
+  WebsocketListener() { this.hasQualifiedName("java.net.http", "WebSocket$Listener") }
+}
+
+/** The method `onText` on a type that implements the `java.net.http.Websocket.Listener` interface. */
+class WebsocketOnText extends Method {
+  WebsocketOnText() {
+    exists(WebsocketListener l |
+      this.getDeclaringType().extendsOrImplements(l) and
+      // onText(WebSocket webSocket, CharSequence data, boolean last)
+      this.hasName("onText")
+    )
+  }
+}