hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 13:23:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add RestTemplate as flow source.

Browse Source
This commit is contained in:
lcartey@github.com
2020-05-18 00:31:45 +01:00
parent f2edc53144
commit 2978af34cd
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/semmle/code/java/dataflow/FlowSources.qll
View File

@@ -18,6 +18,7 @@ import semmle.code.java.frameworks.JaxWS
import semmle.code.java.frameworks.android.Intent
import semmle.code.java.frameworks.spring.SpringWeb
import semmle.code.java.frameworks.spring.SpringController
import semmle.code.java.frameworks.spring.SpringWebClient
import semmle.code.java.frameworks.Guice
import semmle.code.java.frameworks.struts.StrutsActions
import semmle.code.java.frameworks.Thrift
@@ -228,6 +229,7 @@ private class RemoteTaintedMethod extends Method {
this.hasName("getParameterValues")
// TODO consider getRemoteUser
) or
this instanceof SpringRestTemplateResponseEntityMethod or
this instanceof ServletRequestGetBodyMethod or
this instanceof CookieGetValueMethod or
this instanceof CookieGetNameMethod or