hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-10 09:34:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: convert RequestDispatcherSink to MaD

Browse Source
This commit is contained in:
Jami Cogswell
2024-03-05 11:55:54 -05:00
parent 4ff884e26c
commit 42e3825ea3
4 changed files with 21 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
java/ql/lib/semmle/code/java/security/UnsafeUrlForward.qll
View File

@@ -10,14 +10,9 @@ abstract class UnsafeUrlForwardSink extends DataFlow::Node { }
/** A sanitizer for unsafe URL forward vulnerabilities. */
abstract class UnsafeUrlForwardSanitizer extends DataFlow::Node { }
/** An argument to `getRequestDispatcher`. */
private class RequestDispatcherSink extends UnsafeUrlForwardSink {
RequestDispatcherSink() {
exists(MethodCall ma |
ma.getMethod() instanceof GetRequestDispatcherMethod and
ma.getArgument(0) = this.asExpr()
)
}
/** A default sink representing methods susceptible to unsafe URL forwarding. */
private class DefaultUnsafeUrlForwardSink extends UnsafeUrlForwardSink {
DefaultUnsafeUrlForwardSink() { sinkNode(this, "url-forward") }
}
// TODO: look into `StaplerResponse.forward`, etc., and think about re-adding the MaD "request-forgery" sinks as a result