hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Join ServletUrlRedirectSink with UrlRedirectSink

Browse Source
This commit is contained in:
Remco Vermeulen
2020-07-09 14:08:43 +02:00
parent 88f4b224c3
commit ba9f3e2a1e
4 changed files with 21 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
java/ql/src/Security/CWE/CWE-601/ServletUrlRedirect.qll
View File

@@ -1,24 +0,0 @@
import java
import semmle.code.java.frameworks.Servlets
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.security.UrlRedirect
/**
* A Servlet URL redirection sink.
*/
class ServletUrlRedirectSink extends UrlRedirectSink {
ServletUrlRedirectSink() {
exists(MethodAccess ma |
ma.getMethod() instanceof HttpServletResponseSendRedirectMethod and
this.asExpr() = ma.getArgument(0)
)
or
exists(MethodAccess ma |
ma.getMethod() instanceof ResponseSetHeaderMethod or
ma.getMethod() instanceof ResponseAddHeaderMethod
|
ma.getArgument(0).(CompileTimeConstantExpr).getStringValue() = "Location" and
this.asExpr() = ma.getArgument(1)
)
}
}

2
java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql
View File

@@ -12,7 +12,7 @@
import java
import semmle.code.java.dataflow.FlowSources
import ServletUrlRedirect
import semmle.code.java.security.UrlRedirect
import DataFlow::PathGraph
class UrlRedirectConfig extends TaintTracking::Configuration {

2
java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql
View File

@@ -12,7 +12,7 @@
import java
import semmle.code.java.dataflow.FlowSources
import ServletUrlRedirect
import semmle.code.java.security.UrlRedirect
import DataFlow::PathGraph
class UrlRedirectLocalConfig extends TaintTracking::Configuration {