Add DefaultFullHttpResponse to Netty Check

2025-12-24 04:36:35 +01:00 · 2020-02-04 15:40:59 -05:00
parent c77a921b06
commit 832a4f2e07
1 changed files with 7 additions and 0 deletions
--- a/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql
+++ b/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql
@@ -29,5 +29,12 @@ private class InsecureDefaultHttpResponseClassInstantiation extends InsecureNett
  }
 }

+private class InsecureDefaultFullHttpResponseClassInstantiation extends InsecureNettyObjectCreation {
+  InsecureDefaultHttpResponseClassInstantiation() {
+    getConstructedType().hasQualifiedName("io.netty.handler.codec.http", "DefaultFullHttpResponse") and
+    getArgument(3).(CompileTimeConstantExpr).getBooleanValue() = false
+  }
+}
+
 from InsecureNettyObjectCreation new
 select new, "Response-splitting vulnerability due to header value verification being disabled."