hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Tidy and remove catersian product from getUrlArgument

Browse Source
This commit is contained in:
Chris Smowton
2021-05-12 15:02:18 +01:00
parent f388aae78e
commit 3167af29bd
1 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
java/ql/src/semmle/code/java/security/RequestForgery.qll
View File

@@ -150,9 +150,7 @@ private class HttpBuilderUriArgument extends RequestForgerySink {
*/
private class SpringRestTemplateArgument extends RequestForgerySink {
SpringRestTemplateArgument() {
exists(MethodAccess ma |
this.asExpr() = ma.getMethod().(SpringRestTemplateUrlMethod).getUrlArgument(ma)
)
this.asExpr() = any(SpringRestTemplateUrlMethodAccess m).getUrlArgument()
}
}
@@ -198,16 +196,19 @@ private class SpringRestTemplateUrlMethod extends Method {
"execute", "getForEntity", "getForObject", "patchForObject"
])
}
}
/**
* A call to a Spring Rest Template method
* that takes a URL as an argument.
*/
private class SpringRestTemplateUrlMethodAccess extends MethodAccess {
SpringRestTemplateUrlMethodAccess() { this.getMethod() instanceof SpringRestTemplateUrlMethod }
/**
* Gets the argument which corresponds to a URL argument
* passed as a `java.net.URL` object or as a string or the like
* Gets the URL argument of this template call.
*/
Argument getUrlArgument(MethodAccess ma) {
// doExecute(URI url, HttpMethod method, RequestCallback requestCallback,
// ResponseExtractor<T> responseExtractor)
result = ma.getArgument(0)
}
Argument getUrlArgument() { result = this.getArgument(0) }
}
/** A sanitizer for request forgery vulnerabilities. */