Extract HeaderSplittingSink and WhitelistedSource
- Extract `HeaderSplittingSink` and `WhitelistedSource` into an importable library. - Rename the existing `HeaderSplittingSink` implementation to `ServletHeaderSplittingSink`.
11
java/ql/src/semmle/code/java/security/ResponseSplitting.qll
Normal file
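--- a/java/ql/src/semmle/code/java/security/ResponseSplitting.qll
+++ b/java/ql/src/semmle/code/java/security/ResponseSplitting.qll
@@ -0,0 +1,11 @@
+import semmle.code.java.dataflow.DataFlow
+
+/**
+* Header-splitting sinks. Expressions that end up in an HTTP header.
+*/
+abstract class HeaderSplittingSink extends DataFlow::ExprNode { }
+
+/**
+* Sources that cannot be used to perform a header splitting attack.
+*/
+abstract class TrustedSource extends DataFlow::ExprNode { }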
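Review bot: The QLDoc on `TrustedSource` does not say what makes a source safe, and because this abstract class is now an importable extension point, any subclass in scope will presumably remove flows from the response-splitting results. I would spell out the contract in the comment, for example `Sources whose value cannot carry attacker-controlled CR or LF characters, and so cannot be used to perform a header splitting attack.` The commit description calls this class `WhitelistedSource` while the file declares `TrustedSource`, so one of the two should be aligned to let library users find the right name. The `HeaderSplittingSink` comment could likewise say whether it covers header names, header values or both, since implementers need that to model new frameworks consistently.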