hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 05:13:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

Extract HeaderSplittingSink and WhitelistedSource

Browse Source 
- Extract `HeaderSplittingSink` and `WhitelistedSource` into an
importable library.
- Rename the existing `HeaderSplittingSink` implementation to
`ServletHeaderSplittingSink`.
This commit is contained in:
Remco Vermeulen
2020-07-08 17:17:24 +02:00
parent c166fee198
commit 5f560e0465
4 changed files with 19 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
java/ql/src/semmle/code/java/security/ResponseSplitting.qll Normal file
View File

@@ -0,0 +1,11 @@
import semmle.code.java.dataflow.DataFlow
/**
* Header-splitting sinks. Expressions that end up in an HTTP header.
*/
abstract class HeaderSplittingSink extends DataFlow::ExprNode { }
/**
* Sources that cannot be used to perform a header splitting attack.
*/
abstract class TrustedSource extends DataFlow::ExprNode { }