Model UriInfo.relativize and resolve.

Chris Smowton
2021-08-17 10:19:21 +01:00
parent 62ecab8432
commit 5e7a3ca2e6
3 changed files with 19 additions and 3 deletions


@@ -552,6 +552,9 @@ private class UriInfoModel extends SummaryModelCsv {
"javax.ws.rs.core;UriInfo;true;getQueryParameters;;;Argument[-1];ReturnValue;taint",
"javax.ws.rs.core;UriInfo;true;getRequestUri;;;Argument[-1];ReturnValue;taint",
"javax.ws.rs.core;UriInfo;true;getRequestUriBuilder;;;Argument[-1];ReturnValue;taint",
"javax.ws.rs.core;UriInfo;true;relativize;;;Argument[0];ReturnValue;taint",
"javax.ws.rs.core;UriInfo;true;resolve;;;Argument[-1];ReturnValue;taint",
"javax.ws.rs.core;UriInfo;true;resolve;;;Argument[0];ReturnValue;taint",
"jakarta.ws.rs.core;UriInfo;true;getAbsolutePath;;;Argument[-1];ReturnValue;taint",
"jakarta.ws.rs.core;UriInfo;true;getAbsolutePathBuilder;;;Argument[-1];ReturnValue;taint",
"jakarta.ws.rs.core;UriInfo;true;getPath;;;Argument[-1];ReturnValue;taint",
@@ -559,7 +562,10 @@ private class UriInfoModel extends SummaryModelCsv {
"jakarta.ws.rs.core;UriInfo;true;getPathSegments;;;Argument[-1];ReturnValue;taint",
"jakarta.ws.rs.core;UriInfo;true;getQueryParameters;;;Argument[-1];ReturnValue;taint",
"jakarta.ws.rs.core;UriInfo;true;getRequestUri;;;Argument[-1];ReturnValue;taint",
"jakarta.ws.rs.core;UriInfo;true;getRequestUriBuilder;;;Argument[-1];ReturnValue;taint"
"jakarta.ws.rs.core;UriInfo;true;getRequestUriBuilder;;;Argument[-1];ReturnValue;taint",
"jakarta.ws.rs.core;UriInfo;true;relativize;;;Argument[0];ReturnValue;taint",
"jakarta.ws.rs.core;UriInfo;true;resolve;;;Argument[-1];ReturnValue;taint",
"jakarta.ws.rs.core;UriInfo;true;resolve;;;Argument[0];ReturnValue;taint"
]
}
}
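Review bot: The new `relativize` rows model only `Argument[0]` to `ReturnValue`, while `resolve` gets both `Argument[-1]` and `Argument[0]`, and nothing in the list says whether that asymmetry is deliberate. If it is, a short comment above the rows would stop a later maintainer from "completing" the pattern, for example `// relativize: only the argument is modelled as reaching the result; the qualifier is the URI it is made relative to`. If it is an omission, it is worth checking the JAX-RS Javadoc, which as far as I recall has `relativize` resolve a relative argument first, so qualifier-derived content may appear in the result and a tainted `UriInfo` would then be under-reported. This applies equally to the `javax` and `jakarta` rows; the `UriInfoModel` class body starts outside the hunks shown.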


@@ -196,7 +196,7 @@ public class JakartaRsFlow {
sink(taint(ps2).getPath()); // $ hasTaintFlow
}
void testUriInfo(UriInfo ui) {
void testUriInfo(UriInfo ui, UriInfo untaintedUriInfo) throws Exception {
ui = taint(ui);
sink(ui.getPathParameters()); // $ hasTaintFlow
sink(ui.getPathSegments()); // $ hasTaintFlow
@@ -206,6 +206,11 @@ public class JakartaRsFlow {
sink(ui.getQueryParameters().getFirst("someKey")); // $ hasTaintFlow
sink(ui.getRequestUri()); // $ hasTaintFlow
sink(ui.getRequestUriBuilder().build()); // $ hasTaintFlow
URI taintedUri = UriSource.taint();
URI untaintedUri = new URI("");
sink(untaintedUriInfo.relativize(taintedUri)); // $ hasTaintFlow
sink(untaintedUriInfo.resolve(taintedUri)); // $ hasTaintFlow
sink(ui.resolve(untaintedUri)); // $ hasTaintFlow
}
void testCookie() {
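Review bot: The added cases in `testUriInfo` assert only positive flow, so the model's lack of a qualifier-to-result step for `relativize` is never pinned by the test. Adding `sink(ui.relativize(untaintedUri));` and `sink(untaintedUriInfo.resolve(untaintedUri));` without a `hasTaintFlow` annotation would make the test fail if spurious flow appears or the step is added later, assuming an unannotated `sink` is checked as no-flow in this harness. The same point applies to the identical hunks in JaxRsFlow. Part of `testUriInfo`'s body lies between the two hunks and is not shown.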


@@ -192,7 +192,7 @@ public class JaxRsFlow {
sink(taint(ps2).getPath()); // $ hasTaintFlow
}
void testUriInfo(UriInfo ui) {
void testUriInfo(UriInfo ui, UriInfo untaintedUriInfo) throws Exception {
ui = taint(ui);
sink(ui.getPathParameters()); // $ hasTaintFlow
sink(ui.getPathSegments()); // $ hasTaintFlow
@@ -202,6 +202,11 @@ public class JaxRsFlow {
sink(ui.getQueryParameters().getFirst("someKey")); // $ hasTaintFlow
sink(ui.getRequestUri()); // $ hasTaintFlow
sink(ui.getRequestUriBuilder().build()); // $ hasTaintFlow
URI taintedUri = UriSource.taint();
URI untaintedUri = new URI("");
sink(untaintedUriInfo.relativize(taintedUri)); // $ hasTaintFlow
sink(untaintedUriInfo.resolve(taintedUri)); // $ hasTaintFlow
sink(ui.resolve(untaintedUri)); // $ hasTaintFlow
}
void testCookie() {