Add and format qldocs according to the style guide.
@@ -1,21 +1,17 @@
|
||||
/** Provides classes to reason about header splitting attacks. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.DataFlow
|
||||
import semmle.code.java.frameworks.Servlets
|
||||
import semmle.code.java.frameworks.JaxWS
|
||||
|
||||
/**
|
||||
* Header-splitting sinks. Expressions that end up in an HTTP header.
|
||||
*/
|
||||
/** Header-splitting sinks. Expressions that end up in an HTTP header. */
|
||||
abstract class HeaderSplittingSink extends DataFlow::Node { }
|
||||
|
||||
/**
|
||||
* Sources that cannot be used to perform a header splitting attack.
|
||||
*/
|
||||
/** Sources that cannot be used to perform a header splitting attack. */
|
||||
abstract class SafeHeaderSplittingSource extends DataFlow::Node { }
|
||||
|
||||
/**
|
||||
* Header-splitting sinks. Expressions that end up in an HTTP header.
|
||||
*/
|
||||
/** Servlet and JaxWS sinks susceptible to header splitting. */
|
||||
private class ServletHeaderSplittingSink extends HeaderSplittingSink {
|
||||
ServletHeaderSplittingSink() {
|
||||
exists(ResponseAddCookieMethod m, MethodAccess ma |
|
||||
@@ -41,6 +37,7 @@ private class ServletHeaderSplittingSink extends HeaderSplittingSink {
|
||||
}
|
||||
}
|
||||
|
||||
/** Servlet sources considered safe regarding header splitting */
|
||||
private class ServletSafeHeaderSplittingSource extends SafeHeaderSplittingSource {
|
||||
ServletSafeHeaderSplittingSource() {
|
||||
this.asExpr().(MethodAccess).getMethod() instanceof HttpServletRequestGetHeaderMethod or
|
||||
|
||||
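Review bot: The qldoc added in the second hunk, `/** Servlet sources considered safe regarding header splitting */`, has no closing period, unlike the other comments this commit adds. It also does not say why these sources are safe, and that reason is what a maintainer needs before adding another exclusion to a security query. Presumably a value read back through `HttpServletRequestGetHeaderMethod` was itself parsed out of a request header and so cannot contain a line break. If that is the reasoning, state it, for example `/** A servlet source, such as a request header value, that cannot contain a line break and is therefore safe with respect to header splitting. */`. The characteristic predicate continues past the trailing `or` outside the hunk, so the final wording should also cover the disjuncts that follow.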