hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 16:25:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Model the Stapler framework

Browse Source
This commit is contained in:
Tony Torralba
2023-05-23 15:21:50 +02:00
parent 182513a981
commit 5e3d9d8136
19 changed files with 340 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
java/ql/lib/semmle/code/java/frameworks/hudson/Hudson.qll
View File

@@ -2,8 +2,17 @@
import java
private import semmle.code.java.dataflow.FlowSources
private import semmle.code.java.frameworks.stapler.Stapler
private import semmle.code.java.security.XSS
/** A method declared in a subtype of `hudson.model.Descriptor` that returns an `HttpResponse`. */
class HudsonWebMethod extends Method {
HudsonWebMethod() {
this.getReturnType().(RefType).getASourceSupertype*() instanceof HttpResponse and
this.getDeclaringType().getASourceSupertype*().hasQualifiedName("hudson.model", "Descriptor")
}
}
private class FilePathRead extends LocalUserInput {
FilePathRead() {
this.asExpr()