Java: add name-based heuristic

This commit is contained in:
Jami Cogswell
2024-12-15 20:53:27 -05:00
parent 286c655264
commit 39ccde0c9d
4 changed files with 62 additions and 23 deletions


@@ -211,4 +211,10 @@ public class CsrfUnprotectedRequestTypeTest {
public void bad10(@RequestParam String user) { // $ hasCsrfUnprotectedRequestType
myBatisService.bad10(user);
}
// BAD: method name implies a state-change
@GetMapping(value = "delete")
public String delete(@RequestParam String user) { // $ hasCsrfUnprotectedRequestType
return "delete";
}
}
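Review bot: The new BAD case uses the same token for both the route and the method, `@GetMapping(value = "delete")` on `public String delete(...)`, so the test cannot distinguish a heuristic that keys on the Spring path value from one that keys on the Java method name, even though the comment above it says "method name implies a state-change". A second BAD case whose path differs from the method name, e.g. `@GetMapping(value = "x") public String delete2(@RequestParam String user) { // $ hasCsrfUnprotectedRequestType`, would pin which one the heuristic reads. A GOOD case with a read-only name that merely contains a state-change verb (annotated with no expected result) would also bound the heuristic's false-positive side; the commit title says the heuristic is name-based, but its matching rule is not visible in this hunk, so the exact negative example should follow that rule. The enclosing class CsrfUnprotectedRequestTypeTest starts outside the hunk and is closed by its last line.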


@@ -7,9 +7,7 @@ module CsrfUnprotectedRequestTypeTest implements TestSig {
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "hasCsrfUnprotectedRequestType" and
exists(CallPathNode src, CallPathNode sink, CallPathNode sinkPred |
unprotectedStateChange(src, sink, sinkPred)
|
exists(CallPathNode src, CallPathNode sink | unprotectedStateChange(src, sink) |
src.getLocation() = location and
element = src.toString() and
value = ""