hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 18:33:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix JAX-RS models

Browse Source
This commit is contained in:
Owen Mansel-Chan
2021-04-29 16:17:21 +01:00
parent baa21c5bcf
commit 2b8bb5c231
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
java/ql/src/semmle/code/java/frameworks/JaxWS.qll
View File

@@ -178,12 +178,14 @@ class JaxRsResourceClass extends Class {
}
}
/** An annotation from the `javax.ws.rs` package hierarchy. */
/**
* An annotation from the `javax.ws.rs` or `jakarta.ws.rs` package hierarchy.
*/
class JaxRSAnnotation extends Annotation {
JaxRSAnnotation() {
exists(AnnotationType a |
a = this.getType() and
a.getPackage().getName().regexpMatch("javax\\.ws\\.rs(\\..*)?")
a.getPackage().getName().regexpMatch(["javax\\.ws\\.rs(\\..*)?", "jakarta\\.ws\\.rs(\\..*)?"])
)
}
}
@@ -264,7 +266,7 @@ class MessageBodyReader extends GenericInterface {
*/
class MessageBodyReaderReadFrom extends Method {
MessageBodyReaderReadFrom() {
this.getDeclaringType() instanceof MessageBodyReader and
this.getDeclaringType().(RefType).getSourceDeclaration() instanceof MessageBodyReader and
this.hasName("readFrom")
}
}
@@ -504,9 +506,11 @@ private class FormModel extends SummaryModelCsv {
override predicate row(string row) {
row =
[
"javax.ws.rs.core;Form;false;Form;;;Argument;Argument[-1];taint",
"javax.ws.rs.core;Form;true;asMap;;;Argument[-1];ReturnValue;taint",
"javax.ws.rs.core;Form;true;param;;;Argument;Argument[-1];taint",
"javax.ws.rs.core;Form;true;param;;;Argument[-1];ReturnValue;value",
"jakarta.ws.rs.core;Form;false;Form;;;Argument;Argument[-1];taint",
"jakarta.ws.rs.core;Form;true;asMap;;;Argument[-1];ReturnValue;taint",
"jakarta.ws.rs.core;Form;true;param;;;Argument;Argument[-1];taint",
"jakarta.ws.rs.core;Form;true;param;;;Argument[-1];ReturnValue;value"