hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 00:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add simple sanitizer for java/http-response-splitting.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2019-06-27 14:03:48 +02:00
parent d2f8029625
commit 85eac80be9
2 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql
View File

@@ -23,6 +23,11 @@ class ResponseSplittingConfig extends TaintTracking::Configuration {
}
override predicate isSink(DataFlow::Node sink) { sink instanceof HeaderSplittingSink }
override predicate isSanitizer(DataFlow::Node node) {
node.getType() instanceof PrimitiveType or
node.getType() instanceof BoxedType
}
}
from DataFlow::PathNode source, DataFlow::PathNode sink, ResponseSplittingConfig conf

5
java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql
View File

@@ -21,6 +21,11 @@ class ResponseSplittingLocalConfig extends TaintTracking::Configuration {
override predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
override predicate isSink(DataFlow::Node sink) { sink instanceof HeaderSplittingSink }
override predicate isSanitizer(DataFlow::Node node) {
node.getType() instanceof PrimitiveType or
node.getType() instanceof BoxedType
}
}
from DataFlow::PathNode source, DataFlow::PathNode sink, ResponseSplittingLocalConfig conf