hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 21:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Change the query to only catch the common exception rethrown case

Browse Source
This commit is contained in:
luchua-bc
2020-11-09 12:07:43 +00:00
parent 3f0cdb6a1a
commit a83f9ced96
4 changed files with 12 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
java/ql/test/experimental/query-tests/security/CWE-600/UncaughtServletException2.java
View File

@@ -9,6 +9,7 @@ import javax.servlet.ServletException;
class UncaughtServletException2 extends HttpServlet {
// BAD - Tests rethrowing caught exceptions with stack trace using `initCause(...)`
// Note this special case is not being handled by the query since in 99% of cases we're looking for `catch(Exception e) { ... throw e; }`
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
try {
String ip = request.getParameter("srcIP");
@@ -21,17 +22,18 @@ class UncaughtServletException2 extends HttpServlet {
}
// BAD - Tests rethrowing caught exceptions with stack trace using the same exception variable.
// Note this special case is not being handled by the query since in 99% of cases we're looking for `catch(Exception e) { ... throw e; }`
public void doHead(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
try {
String ip = request.getParameter("srcIP");
InetAddress addr = InetAddress.getByName(ip);
} catch (UnknownHostException uhex) {
uhex.printStackTrace();
throw uhex;
throw new IOException(uhex);
}
}
// BAD - Tests rethrowing caught exceptions with stack trace using `addSuppressed(...)`.
// Note this special case is not being handled by the query since in 99% of cases we're looking for `catch(Exception e) { ... throw e; }`
public void doTrace(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
try {
String ip = request.getParameter("srcIP");
@@ -44,6 +46,7 @@ class UncaughtServletException2 extends HttpServlet {
}
// BAD - Tests rethrowing caught exceptions with stack trace using `initCause(...)`
// Note this special case is not being handled by the query since in 99% of cases we're looking for `catch(Exception e) { ... throw e; }`
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
try {
String ip = request.getParameter("srcIP");