Java: Convert Cookie.get* methods to CSV based flow source

Tamas Vajk
2021-03-01 11:58:33 +01:00
parent 86cf143029
commit 3c8ac5c789
2 changed files with 5 additions and 4 deletions


@@ -132,7 +132,11 @@ private predicate sourceModelCsv(string row) {
// TODO consider org.springframework.web.context.request.WebRequest.getRemoteUser
// ServletRequestGetBodyMethod
"javax.servlet;ServletRequest;false;getInputStream;();;ReturnValue;remote",
"javax.servlet;ServletRequest;false;getReader;();;ReturnValue;remote"
"javax.servlet;ServletRequest;false;getReader;();;ReturnValue;remote",
// CookieGet*
"javax.servlet.http;Cookie;false;getValue;();;ReturnValue;remote",
"javax.servlet.http;Cookie;false;getName;();;ReturnValue;remote",
"javax.servlet.http;Cookie;false;getComment;();;ReturnValue;remote"
]
}
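Review bot: The three new `javax.servlet.http;Cookie` rows carry `false` in the third column, which as I read this CSV format switches subtype matching off, so a `getValue`/`getName`/`getComment` override declared in a `Cookie` subclass would presumably not be treated as a remote source. Whether the `CookieGet*Method` classes these rows replace were equally narrow is not visible on this page, so it is worth confirming against the existing flow-source tests that no cookie-derived taint source is lost in the conversion. If overrides are meant to count, the rows would read e.g. `"javax.servlet.http;Cookie;true;getValue;();;ReturnValue;remote"`. `sourceModelCsv` begins above the hunk, so the other rows of the list are not in view.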


@@ -216,9 +216,6 @@ private class RemoteTaintedMethod extends Method {
RemoteTaintedMethod() {
this instanceof PlayRequestGetMethod or
this instanceof SpringRestTemplateResponseEntityMethod or
this instanceof CookieGetValueMethod or
this instanceof CookieGetNameMethod or
this instanceof CookieGetCommentMethod or
this instanceof ApacheHttpGetParams or
this instanceof ApacheHttpEntityGetContent or
// In the setting of Android we assume that XML has been transmitted over