hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Broaden PrimitiveSanitizer to include boxed primitives and other java.lang.Numbers

Browse Source
This commit is contained in:
Chris Smowton
2021-05-12 15:21:40 +01:00
parent 3167af29bd
commit 6b76f42d22
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/src/semmle/code/java/security/RequestForgery.qll
View File

@@ -215,7 +215,11 @@ private class SpringRestTemplateUrlMethodAccess extends MethodAccess {
abstract class RequestForgerySanitizer extends DataFlow::Node { }
private class PrimitiveSanitizer extends RequestForgerySanitizer {
PrimitiveSanitizer() { this.getType() instanceof PrimitiveType }
PrimitiveSanitizer() {
this.getType() instanceof PrimitiveType or
this.getType() instanceof BoxedType or
this.getType() instanceof NumberType
}
}
private class HostnameSanitizingPrefix extends CompileTimeConstantExpr {