hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add argument indices to HTTP header splitting sinks

Browse Source
This commit is contained in:
Tamas Vajk
2021-04-22 11:17:25 +02:00
parent 180904e9f6
commit 9b1c54e81b
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/src/semmle/code/java/security/ResponseSplitting.qll
View File

@@ -17,8 +17,8 @@ private class HeaderSplittingSinkModel extends SinkModelCsv {
row =
[
"javax.servlet.http;HttpServletResponse;false;addCookie;;;Argument[0];header-splitting",
"javax.servlet.http;HttpServletResponse;false;addHeader;;;Argument;header-splitting",
"javax.servlet.http;HttpServletResponse;false;setHeader;;;Argument;header-splitting",
"javax.servlet.http;HttpServletResponse;false;addHeader;;;Argument[0..1];header-splitting",
"javax.servlet.http;HttpServletResponse;false;setHeader;;;Argument[0..1];header-splitting",
"javax.ws.rs.core;ResponseBuilder;false;header;;;Argument[1];header-splitting"
]
}