hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Consider subtypes of ReaderSource

Browse Source
This commit is contained in:
Tony Torralba
2021-06-15 10:42:29 +02:00
parent 87dfc92aba
commit af6bd0b963
2 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
java/ql/src/semmle/code/java/security/GroovyInjection.qll
View File

@@ -116,7 +116,10 @@ private predicate groovySourceUnitTaintStep(DataFlow::Node fromNode, DataFlow::N
index = 0 and arg.getType() instanceof TypeUrl
or
index = 1 and
(arg.getType() instanceof TypeString or arg.getType() instanceof TypeReaderSource)
(
arg.getType() instanceof TypeString or
arg.getType() instanceof TypeReaderSource
)
)
|
fromNode.asExpr() = arg and
@@ -137,9 +140,7 @@ private predicate groovySourceUnitTaintStep(DataFlow::Node fromNode, DataFlow::N
* a `ReaderSource` instance by calling `new *ReaderSource(tainted, ...)`
*/
private predicate groovyReaderSourceTaintStep(DataFlow::Node fromNode, DataFlow::Node toNode) {
exists(ClassInstanceExpr cie |
cie.getConstructedType().getASupertype*() instanceof TypeReaderSource
|
exists(ClassInstanceExpr cie | cie.getConstructedType() instanceof TypeReaderSource |
fromNode.asExpr() = cie.getArgument(0) and toNode.asExpr() = cie
)
}
@@ -163,5 +164,7 @@ private class TypeGroovySourceUnit extends RefType {
/** The class `org.codehaus.groovy.control.io.ReaderSource`. */
private class TypeReaderSource extends RefType {
TypeReaderSource() { this.hasQualifiedName("org.codehaus.groovy.control.io", "ReaderSource") }
TypeReaderSource() {
this.getASupertype*().hasQualifiedName("org.codehaus.groovy.control.io", "ReaderSource")
}
}

4
java/ql/test/query-tests/security/CWE-094/GroovyCompilationUnitTest.java
View File

@@ -9,6 +9,8 @@ import org.codehaus.groovy.control.CompilationUnit;
import org.codehaus.groovy.control.SourceUnit;
import org.codehaus.groovy.control.io.ReaderSource;
import org.codehaus.groovy.control.io.StringReaderSource;
import org.codehaus.groovy.tools.javac.JavaAwareCompilationUnit;
import org.codehaus.groovy.tools.javac.JavaStubCompilationUnit;
public class GroovyCompilationUnitTest extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
@@ -51,7 +53,7 @@ public class GroovyCompilationUnitTest extends HttpServlet {
}
{
CompilationUnit cu = new CompilationUnit();
ReaderSource rs = new StringReaderSource(request.getParameter("source"), null);
StringReaderSource rs = new StringReaderSource(request.getParameter("source"), null);
SourceUnit su = new SourceUnit("test", rs, null, null, null);
cu.addSource(su);
cu.compile(); // $hasGroovyInjection