hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Restrict addCookie to specific interface

Browse Source
This commit is contained in:
Ed Minnix
2023-08-07 00:04:02 -04:00
parent dc3e4cd928
commit ba3c38c226
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/lib/semmle/code/java/security/WeakRandomnessQuery.qll
View File

@@ -57,7 +57,9 @@ abstract class WeakRandomnessSink extends DataFlow::Node { }
private class CookieSink extends WeakRandomnessSink {
CookieSink() {
this.getType() instanceof TypeCookie and
exists(MethodAccess ma | ma.getMethod().hasName("addCookie") |
exists(MethodAccess ma |
ma.getMethod().hasQualifiedName("javax.servlet.http", "HttpServletResponse", "addCookie")
|
ma.getArgument(0) = this.asExpr()
)
}