hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-03 22:33:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Two fixes:

Browse Source 
* Consider that the @WebService annotation (et al) can be in a supertype or interface

* getARemoteMethod should only return public methods, since protected, package-private, and private methods are not exposed
This commit is contained in:
Tony Torralba
2023-08-24 11:35:52 +02:00
parent 43b9199734
commit 3f9701cea7
2 changed files with 20 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
java/ql/lib/semmle/code/java/frameworks/JaxWS.qll
View File

@@ -25,7 +25,7 @@ string getAJaxRsPackage(string subpackage) { result = getAJaxRsPackage() + "." +
*/
class JaxWsEndpoint extends Class {
JaxWsEndpoint() {
exists(AnnotationType a | a = this.getAnAnnotation().getType() |
exists(AnnotationType a | a = this.getAnAncestor().getAnAnnotation().getType() |
a.hasName(["WebService", "WebServiceProvider", "WebServiceClient"])
)
}
@@ -37,6 +37,7 @@ class JaxWsEndpoint extends Class {
*/
Method getARemoteMethod() {
result = this.getACallable() and
result.isPublic() and
not result instanceof InitializerMethod and
not exists(Annotation a | a = result.getAnAnnotation() |
a.getType().hasQualifiedName(["javax", "jakarta"] + ".jws", "WebMethod") and