hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-03 22:33:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: update open/jdbc-url sink kinds to request-forgery

Browse Source
This commit is contained in:
Jami Cogswell
2023-05-31 15:50:31 -04:00
parent cb10f4976b
commit 5dbb698481
50 changed files with 395 additions and 396 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
View File

@@ -274,13 +274,12 @@ module ModelValidation {
exists(string kind | sinkModel(_, _, _, _, _, _, _, kind, _) |
not kind =
[
"open-url", "jndi-injection", "ldap-injection", "sql-injection", "jdbc-url",
"log-injection", "mvel-injection", "xpath-injection", "groovy-injection",
"html-injection", "js-injection", "ognl-injection", "intent-redirection",
"pending-intents", "url-redirection", "path-injection", "file-content-store",
"hostname-verification", "response-splitting", "information-leak", "xslt-injection",
"jexl-injection", "bean-validation", "template-injection", "fragment-injection",
"command-injection"
"request-forgery", "jndi-injection", "ldap-injection", "sql-injection", "log-injection",
"mvel-injection", "xpath-injection", "groovy-injection", "html-injection", "js-injection",
"ognl-injection", "intent-redirection", "pending-intents", "url-redirection",
"path-injection", "file-content-store", "hostname-verification", "response-splitting",
"information-leak", "xslt-injection", "jexl-injection", "bean-validation",
"template-injection", "fragment-injection", "command-injection"
] and
not kind.matches("regex-use%") and
not kind.matches("qltest%") and

2
java/ql/lib/semmle/code/java/security/HttpsUrls.qll
View File

@@ -30,7 +30,7 @@ class HttpStringLiteral extends StringLiteral {
abstract class UrlOpenSink extends DataFlow::Node { }
private class DefaultUrlOpenSink extends UrlOpenSink {
DefaultUrlOpenSink() { sinkNode(this, "open-url") }
DefaultUrlOpenSink() { sinkNode(this, "request-forgery") }
}
/**

8
java/ql/lib/semmle/code/java/security/RequestForgery.qll
View File

@@ -52,12 +52,8 @@ private class TypePropertiesRequestForgeryAdditionalTaintStep extends RequestFor
/** A data flow sink for server-side request forgery (SSRF) vulnerabilities. */
abstract class RequestForgerySink extends DataFlow::Node { }
private class UrlOpenSinkAsRequestForgerySink extends RequestForgerySink {
UrlOpenSinkAsRequestForgerySink() { sinkNode(this, "open-url") }
}
private class JdbcUrlSinkAsRequestForgerySink extends RequestForgerySink {
JdbcUrlSinkAsRequestForgerySink() { sinkNode(this, "jdbc-url") }
private class DefaultRequestForgerySink extends RequestForgerySink {
DefaultRequestForgerySink() { sinkNode(this, "request-forgery") }
}
/** A sanitizer for request forgery vulnerabilities. */