Convert request forgery barrier guard to MaD

Owen Mansel-Chan
2025-12-09 15:45:19 +00:00
committed by Anders Schack-Mulligen
parent 5ab26e481b
commit 7e562f3150
2 changed files with 7 additions and 19 deletions


@@ -118,25 +118,8 @@ private class ContainsUrlSanitizer extends RequestForgerySanitizer {
}
}
/**
* A check that the URL is relative, and therefore safe for URL redirects.
*/
private predicate isRelativeUrlSanitizer(Guard guard, Expr e, boolean branch) {
guard =
any(MethodCall call |
call.getMethod().hasQualifiedName("java.net", "URI", "isAbsolute") and
e = call.getQualifier() and
branch = false
)
}
/**
* A check that the URL is relative, and therefore safe for URL redirects.
*/
private class RelativeUrlSanitizer extends RequestForgerySanitizer {
RelativeUrlSanitizer() {
this = DataFlow::BarrierGuard<isRelativeUrlSanitizer/3>::getABarrierNode()
}
private class DefaultRequestForgerySanitizer extends RequestForgerySanitizer {
DefaultRequestForgerySanitizer() { barrierNode(this, "request-forgery") }
}
/**
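Review bot: The new `DefaultRequestForgerySanitizer` class is added without a QLDoc comment, while both declarations it replaces had one; I would add `/** A barrier for request forgery, defined by a models-as-data barrier of kind "request-forgery". */` above it. The removed `isRelativeUrlSanitizer` treated only the qualifier of `java.net.URI.isAbsolute` as sanitized, and only on the `false` branch. That constraint presumably now lives in the model row in the other changed file, which is not visible here; if the row records the wrong branch or argument, the query would silently lose true request-forgery results on the absolute-URL branch. A test case is worth adding to assert that a URI is still reported when `isAbsolute()` is true and is not reported when it is false. The doc comment opened on the hunk's last line belongs to a declaration that continues outside the hunk.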