Merge pull request #17025 from jcogs33/jcogs33/java/adjust-url-syntheticfield

Java: add TaintInheritingContent for URL synthetic fields
Jami
2024-07-25 12:11:39 -04:00
committed by GitHub
4 changed files with 28 additions and 0 deletions


@@ -22,6 +22,7 @@ private module Frameworks {
private import semmle.code.java.frameworks.IoJsonWebToken
private import semmle.code.java.frameworks.jackson.JacksonSerializability
private import semmle.code.java.frameworks.InputStream
private import semmle.code.java.frameworks.Networking
private import semmle.code.java.frameworks.Properties
private import semmle.code.java.frameworks.Protobuf
private import semmle.code.java.frameworks.ThreadLocal


@@ -3,6 +3,8 @@
*/
import semmle.code.java.Type
private import semmle.code.java.dataflow.DataFlow
private import semmle.code.java.dataflow.FlowSteps
/** The type `java.net.URLConnection`. */
class TypeUrlConnection extends RefType {
@@ -24,6 +26,11 @@ class TypeUrl extends RefType {
TypeUrl() { this.hasQualifiedName("java.net", "URL") }
}
/** Specifies that if a `URL` is tainted, then so are its synthetic fields. */
private class UrlFieldsInheritTaint extends DataFlow::SyntheticFieldContent, TaintInheritingContent {
UrlFieldsInheritTaint() { this.getField().matches("java.net.URL.%") }
}
/** The type `java.net.URLDecoder`. */
class TypeUrlDecoder extends RefType {
TypeUrlDecoder() { this.hasQualifiedName("java.net", "URLDecoder") }
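Review bot: The characteristic predicate of `UrlFieldsInheritTaint` selects content by a string prefix, `this.getField().matches("java.net.URL.%")`, so it depends on how the `java.net.URL` synthetic field names are spelled where they are defined, which is not visible in this hunk. If those names are ever renamed, the class would match nothing and a tainted `URL` would stop tainting its components, which shows up as missed results in taint-tracking queries rather than as an error. I would extend the doc comment to record that coupling, for example `/** Specifies that if a URL is tainted, then so are its synthetic fields. Matches on the "java.net.URL." name prefix; keep in sync with the synthetic field names used by the URL models. */`. Since the class is private, it presumably only takes effect where this library is imported, so a one-line comment on the `semmle.code.java.frameworks.Networking` import in the `Frameworks` module saying it is needed for this taint-inheriting content would keep a later cleanup from dropping it.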