hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 11:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Convert ServletRequestGetBodyMethod to CSV based flow source

Browse Source
This commit is contained in:
Tamas Vajk
2021-03-01 11:54:56 +01:00
parent b05a9043b5
commit 86cf143029
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll
View File

@@ -128,8 +128,11 @@ private predicate sourceModelCsv(string row) {
"org.springframework.web.context.request;WebRequest;false;getParameter;;;ReturnValue;remote",
"org.springframework.web.context.request;WebRequest;false;getParameterMap;;;ReturnValue;remote",
"org.springframework.web.context.request;WebRequest;false;getParameterNames;;;ReturnValue;remote",
"org.springframework.web.context.request;WebRequest;false;getParameterValues;;;ReturnValue;remote"
"org.springframework.web.context.request;WebRequest;false;getParameterValues;;;ReturnValue;remote",
// TODO consider org.springframework.web.context.request.WebRequest.getRemoteUser
// ServletRequestGetBodyMethod
"javax.servlet;ServletRequest;false;getInputStream;();;ReturnValue;remote",
"javax.servlet;ServletRequest;false;getReader;();;ReturnValue;remote"
]
}

1
java/ql/src/semmle/code/java/dataflow/FlowSources.qll
View File

@@ -216,7 +216,6 @@ private class RemoteTaintedMethod extends Method {
RemoteTaintedMethod() {
this instanceof PlayRequestGetMethod or
this instanceof SpringRestTemplateResponseEntityMethod or
this instanceof ServletRequestGetBodyMethod or
this instanceof CookieGetValueMethod or
this instanceof CookieGetNameMethod or
this instanceof CookieGetCommentMethod or