hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-02 05:43:54 +01:00
Code Issues Packages Projects Releases Wiki Activity

Change the source to be the request variable

Browse Source
This commit is contained in:
luchua-bc
2021-01-05 17:30:19 +00:00
parent 195755d687
commit 367ff99909
4 changed files with 89 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
java/ql/src/semmle/code/java/frameworks/Servlets.qll
View File

@@ -323,20 +323,17 @@ class ServletWebXMLListenerType extends RefType {
}
}
/** Holds if `ma` is a method access to some override of methods of `HttpServlet`, for example `doGet` or `doPost`. */
predicate isServletMethod(MethodAccess ma, string methodName) {
exists(Method m |
m = ma.getEnclosingCallable() and
m.getDeclaringType() instanceof ServletClass and
m.getNumberOfParameters() = 2 and
m.getParameter(0).getType() instanceof ServletRequest and
m.getParameter(1).getType() instanceof ServletResponse and
m.getName() = methodName and
ma.getQualifier() = m.getParameter(0).getAnAccess() and
(
ma.getMethod() instanceof ServletRequestGetParameterMethod or
ma.getMethod() instanceof ServletRequestGetParameterMapMethod or
ma.getMethod() instanceof HttpServletRequestGetQueryStringMethod
)
)
/** Holds if `m` is a request handler method (for example `doGet` or `doPost`). */
predicate isServletMethod(Method m) {
m.getDeclaringType() instanceof ServletClass and
m.getNumberOfParameters() = 2 and
m.getParameter(0).getType() instanceof ServletRequest and
m.getParameter(1).getType() instanceof ServletResponse
}
/** Holds if `ma` is a call that gets a request parameter. */
predicate isRequestGetParamMethod(MethodAccess ma) {
ma.getMethod() instanceof ServletRequestGetParameterMethod or
ma.getMethod() instanceof ServletRequestGetParameterMapMethod or
ma.getMethod() instanceof HttpServletRequestGetQueryStringMethod
}