hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-28 04:43:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix existing JaxRs tests

Browse Source 
* Expose getContentTypeString for use by tests
* Use it to get constant arguments to @Produces annotations
* Note that text/html is xss-vulnerable (I have no idea how it ever came to expect exactly text/plain)
This commit is contained in:
Chris Smowton
2021-06-28 19:38:14 +01:00
parent 52471b292a
commit c37ecb7102
4 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/src/semmle/code/java/frameworks/JaxWS.qll
View File

@@ -283,7 +283,10 @@ class MessageBodyReaderRead extends Method {
}
}
private string getContentTypeString(Expr e) {
/**
* Gets a constant content-type described by expression `e` (either a string constant or a Jax-RS MediaType field access).
*/
string getContentTypeString(Expr e) {
result = e.(CompileTimeConstantExpr).getStringValue() and
result != ""
or