Restrict SafeHeaderSplittingSource to RemoteFlowSource

Remco Vermeulen
2020-07-09 15:13:18 +02:00
parent 782573ed43
commit b147be6fea


@@ -2,6 +2,7 @@
import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.frameworks.Servlets
import semmle.code.java.frameworks.JaxWS
@@ -9,7 +10,9 @@ import semmle.code.java.frameworks.JaxWS
abstract class HeaderSplittingSink extends DataFlow::Node { }
/** Sources that cannot be used to perform a header splitting attack. */
abstract class SafeHeaderSplittingSource extends DataFlow::Node { }
abstract class SafeHeaderSplittingSource extends DataFlow::Node {
SafeHeaderSplittingSource() { this instanceof RemoteFlowSource }
}
/** Servlet and JaxWS sinks susceptible to header splitting. */
private class ServletHeaderSplittingSink extends HeaderSplittingSink {
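Review bot: The QLDoc above `SafeHeaderSplittingSource` still says "Sources that cannot be used to perform a header splitting attack", but with the new characteristic predicate any subclass member that is not also a `RemoteFlowSource` silently drops out of the class. This class is presumably what the header-splitting query uses to exclude sources, so an extension that models a safe non-remote node would have no effect and give no hint why. I would state the constraint in the comment, e.g. `/** Remote flow sources that cannot be used to perform a header splitting attack; subclasses only match nodes that are also a RemoteFlowSource. */`. The existing subclasses lie outside this hunk, so whether they all already satisfy the restriction could not be checked here.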