add request forgery query

Porcupiney Hairs
2020-05-11 01:21:38 +05:30
parent 1e048d8045
commit 38de9b6433
54 changed files with 1771 additions and 26 deletions


@@ -11,6 +11,7 @@
import java
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.frameworks.javase.URL
import DataFlow::PathGraph
class HTTPString extends StringLiteral {
@@ -29,18 +30,6 @@ class HTTPString extends StringLiteral {
}
}
class URLConstructor extends ClassInstanceExpr {
URLConstructor() { this.getConstructor().getDeclaringType().getQualifiedName() = "java.net.URL" }
Expr protocolArg() {
// In all cases except where the first parameter is a URL, the argument
// containing the protocol is the first one, otherwise it is the second.
if this.getConstructor().getParameter(0).getType().getName() = "URL"
then result = this.getArgument(1)
else result = this.getArgument(0)
}
}
class URLOpenMethod extends Method {
URLOpenMethod() {
this.getDeclaringType().getQualifiedName() = "java.net.URL" and