Convert request forgery barrier guard to MaD
committed by
Anders Schack-Mulligen
parent
5ab26e481b
commit
7e562f3150
@@ -118,25 +118,8 @@ private class ContainsUrlSanitizer extends RequestForgerySanitizer {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A check that the URL is relative, and therefore safe for URL redirects.
|
||||
*/
|
||||
private predicate isRelativeUrlSanitizer(Guard guard, Expr e, boolean branch) {
|
||||
guard =
|
||||
any(MethodCall call |
|
||||
call.getMethod().hasQualifiedName("java.net", "URI", "isAbsolute") and
|
||||
e = call.getQualifier() and
|
||||
branch = false
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* A check that the URL is relative, and therefore safe for URL redirects.
|
||||
*/
|
||||
private class RelativeUrlSanitizer extends RequestForgerySanitizer {
|
||||
RelativeUrlSanitizer() {
|
||||
this = DataFlow::BarrierGuard<isRelativeUrlSanitizer/3>::getABarrierNode()
|
||||
}
|
||||
private class DefaultRequestForgerySanitizer extends RequestForgerySanitizer {
|
||||
DefaultRequestForgerySanitizer() { barrierNode(this, "request-forgery") }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
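Review bot: The new `DefaultRequestForgerySanitizer` class carries no QLDoc comment, although the `RelativeUrlSanitizer` it replaces had one, and nothing in this hunk shows where the `java.net.URI.isAbsolute` false-branch guard is declared now. I would add `/** A request forgery sanitizer defined by a models-as-data barrier or barrier guard of kind "request-forgery". */` above the class so a reader knows the barrier set lives in model files rather than in this library. The matching model row is presumably added in another file of this commit; if it is missing or uses a different kind string, the relative-URL check would silently stop acting as a barrier and the request-forgery query would report flows it used to suppress. A test case that exercises the `isAbsolute()` guard on both branches would pin that behaviour across the conversion.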