hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 00:35:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Autoformat

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2023-02-17 12:16:46 +01:00
parent 348165205c
commit 730eae9521
21 changed files with 62 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql
View File

@@ -27,25 +27,29 @@ abstract private class InsecureNettyObjectCreation extends ClassInstanceExpr {
abstract string splittingType();
}
abstract private class RequestOrResponseSplittingInsecureNettyObjectCreation extends InsecureNettyObjectCreation {
abstract private class RequestOrResponseSplittingInsecureNettyObjectCreation extends InsecureNettyObjectCreation
{
override string splittingType() { result = "Request splitting or response splitting" }
}
/**
* Request splitting can allowing an attacker to inject/smuggle an additional HTTP request into the socket connection.
*/
abstract private class RequestSplittingInsecureNettyObjectCreation extends InsecureNettyObjectCreation {
abstract private class RequestSplittingInsecureNettyObjectCreation extends InsecureNettyObjectCreation
{
override string splittingType() { result = "Request splitting" }
}
/**
* Response splitting can lead to HTTP vulnerabilities like XSS and cache poisoning.
*/
abstract private class ResponseSplittingInsecureNettyObjectCreation extends InsecureNettyObjectCreation {
abstract private class ResponseSplittingInsecureNettyObjectCreation extends InsecureNettyObjectCreation
{
override string splittingType() { result = "Response splitting" }
}
private class InsecureDefaultHttpHeadersClassInstantiation extends RequestOrResponseSplittingInsecureNettyObjectCreation {
private class InsecureDefaultHttpHeadersClassInstantiation extends RequestOrResponseSplittingInsecureNettyObjectCreation
{
InsecureDefaultHttpHeadersClassInstantiation() {
this.getConstructedType()
.hasQualifiedName("io.netty.handler.codec.http",
@@ -54,21 +58,24 @@ private class InsecureDefaultHttpHeadersClassInstantiation extends RequestOrResp
}
}
private class InsecureDefaultHttpResponseClassInstantiation extends ResponseSplittingInsecureNettyObjectCreation {
private class InsecureDefaultHttpResponseClassInstantiation extends ResponseSplittingInsecureNettyObjectCreation
{
InsecureDefaultHttpResponseClassInstantiation() {
this.getConstructedType().hasQualifiedName("io.netty.handler.codec.http", "DefaultHttpResponse") and
vulnerableArgumentIndex = 2
}
}
private class InsecureDefaultHttpRequestClassInstantiation extends RequestSplittingInsecureNettyObjectCreation {
private class InsecureDefaultHttpRequestClassInstantiation extends RequestSplittingInsecureNettyObjectCreation
{
InsecureDefaultHttpRequestClassInstantiation() {
this.getConstructedType().hasQualifiedName("io.netty.handler.codec.http", "DefaultHttpRequest") and
vulnerableArgumentIndex = 3
}
}
private class InsecureDefaultFullHttpResponseClassInstantiation extends ResponseSplittingInsecureNettyObjectCreation {
private class InsecureDefaultFullHttpResponseClassInstantiation extends ResponseSplittingInsecureNettyObjectCreation
{
InsecureDefaultFullHttpResponseClassInstantiation() {
this.getConstructedType()
.hasQualifiedName("io.netty.handler.codec.http", "DefaultFullHttpResponse") and
@@ -76,7 +83,8 @@ private class InsecureDefaultFullHttpResponseClassInstantiation extends Response
}
}
private class InsecureDefaultFullHttpRequestClassInstantiation extends RequestSplittingInsecureNettyObjectCreation {
private class InsecureDefaultFullHttpRequestClassInstantiation extends RequestSplittingInsecureNettyObjectCreation
{
InsecureDefaultFullHttpRequestClassInstantiation() {
this.getConstructedType()
.hasQualifiedName("io.netty.handler.codec.http", "DefaultFullHttpRequest") and

4
java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll
View File

@@ -81,8 +81,8 @@ private class CompareSink extends ClientSuppliedIpUsedInSecurityCheckSink {
}
/** A data flow sink for sql operation. */
private class SqlOperationSink extends ClientSuppliedIpUsedInSecurityCheckSink instanceof QueryInjectionSink {
}
private class SqlOperationSink extends ClientSuppliedIpUsedInSecurityCheckSink instanceof QueryInjectionSink
{ }
/** A method that split string. */
class SplitMethod extends Method {