Merge pull request #3927 from rvermeulen/java-importable-cwe-601

Java: Move `UrlRedirectSink` into importable library
2026-04-25 08:45:14 +02:00 · 2020-07-09 16:03:29 +02:00
parent 99a4f8fd0b d3db4fa5b2
commit c8b9b779ae
3 changed files with 13 additions and 10 deletions
--- a/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql
+++ b/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql
@@ -12,7 +12,7 @@

 import java
 import semmle.code.java.dataflow.FlowSources
-import UrlRedirect
+import semmle.code.java.security.UrlRedirect
 import DataFlow::PathGraph

 class UrlRedirectConfig extends TaintTracking::Configuration {
--- a/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql
@@ -12,7 +12,7 @@

 import java
 import semmle.code.java.dataflow.FlowSources
-import UrlRedirect
+import semmle.code.java.security.UrlRedirect
 import DataFlow::PathGraph

 class UrlRedirectLocalConfig extends TaintTracking::Configuration {
--- a/java/ql/src/semmle/code/java/security/UrlRedirect.qll
+++ b/java/ql/src/semmle/code/java/security/UrlRedirect.qll
@@ -1,12 +1,15 @@
-import java
-import semmle.code.java.frameworks.Servlets
-import semmle.code.java.dataflow.DataFlow
+/** Provides classes to reason about URL redirect attacks. */

-/**
- * A URL redirection sink.
- */
-class UrlRedirectSink extends DataFlow::ExprNode {
-  UrlRedirectSink() {
+import java
+import semmle.code.java.dataflow.DataFlow
+import semmle.code.java.frameworks.Servlets
+
+/** A URL redirection sink */
+abstract class UrlRedirectSink extends DataFlow::Node { }
+
+/** A Servlet URL redirection sink. */
+private class ServletUrlRedirectSink extends UrlRedirectSink {
+  ServletUrlRedirectSink() {
    exists(MethodAccess ma |
      ma.getMethod() instanceof HttpServletResponseSendRedirectMethod and
      this.asExpr() = ma.getArgument(0)