hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Model Spring web.multipart

Browse Source
This commit is contained in:
Sauyon Lee
2021-05-31 07:15:02 -07:00
parent 25dd29b24f
commit b807757863
4 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll
View File

@@ -90,6 +90,7 @@ private module Frameworks {
private import semmle.code.java.frameworks.spring.SpringValidation
private import semmle.code.java.frameworks.spring.SpringWebClient
private import semmle.code.java.frameworks.spring.SpringBeans
private import semmle.code.java.frameworks.spring.SpringWebMultipart
private import semmle.code.java.security.ResponseSplitting
private import semmle.code.java.security.InformationLeak
private import semmle.code.java.security.JexlInjectionSinkModels

1
java/ql/src/semmle/code/java/frameworks/spring/Spring.qll
View File

@@ -36,6 +36,7 @@ import semmle.code.java.frameworks.spring.SpringSet
import semmle.code.java.frameworks.spring.SpringUtil
import semmle.code.java.frameworks.spring.SpringValidation
import semmle.code.java.frameworks.spring.SpringValue
import semmle.code.java.frameworks.spring.SpringWebMultipart
import semmle.code.java.frameworks.spring.SpringXMLElement
import semmle.code.java.frameworks.spring.metrics.MetricSpringBean
import semmle.code.java.frameworks.spring.metrics.MetricSpringBeanFile

25
java/ql/src/semmle/code/java/frameworks/spring/SpringWebMultipart.qll Normal file
View File

@@ -0,0 +1,25 @@
/** Provides models of taint flow in `org.springframework.web.multipart` */
import java
private import semmle.code.java.dataflow.ExternalFlow
private class FlowSummaries extends SummaryModelCsv {
override predicate row(string row) {
row =
[
"org.springframework.web.multipart;MultipartFile;true;getBytes;;;Argument[-1];ReturnValue;taint",
"org.springframework.web.multipart;MultipartFile;true;getInputStream;;;Argument[-1];ReturnValue;taint",
"org.springframework.web.multipart;MultipartFile;true;getName;;;Argument[-1];ReturnValue;taint",
"org.springframework.web.multipart;MultipartFile;true;getOriginalFilename;;;Argument[-1];ReturnValue;taint",
"org.springframework.web.multipart;MultipartFile;true;getResource;;;Argument[-1];ReturnValue;taint",
"org.springframework.web.multipart;MultipartHttpServletRequest;true;getMultipartHeaders;;;Argument[-1];ReturnValue;taint",
"org.springframework.web.multipart;MultipartHttpServletRequest;true;getRequestHeaders;;;Argument[-1];ReturnValue;taint",
"org.springframework.web.multipart;MultipartRequest;true;getFile;;;Argument[-1];ReturnValue;taint",
"org.springframework.web.multipart;MultipartRequest;true;getFileMap;;;Argument[-1];MapValue of ReturnValue;taint",
"org.springframework.web.multipart;MultipartRequest;true;getFileNames;;;Argument[-1];Element of ReturnValue;taint",
"org.springframework.web.multipart;MultipartRequest;true;getFiles;;;Argument[-1];Element of ReturnValue;taint",
"org.springframework.web.multipart;MultipartRequest;true;getMultiFileMap;;;Argument[-1];MapValue of ReturnValue;taint",
"org.springframework.web.multipart;MultipartResolver;true;resolveMultipart;;;Argument[0];ReturnValue;taint"
]
}
}