Java: Add Spring flow out of HttpEntity and HttpHeader

lcartey@github.com
2020-05-18 00:25:14 +01:00
parent 93c28d4c03
commit cd6339f5cd
2 changed files with 17 additions and 0 deletions


@@ -393,6 +393,19 @@ private predicate taintPreservingQualifierToMethod(Method m) {
exists(SpringUntrustedDataType dt |
m.(GetterMethod) = dt.getAMethod()
)
or
exists(SpringHttpEntity sre |
m = sre.getAMethod() and
m.getName().regexpMatch("getBody|getHeaders")
)
or
exists(SpringHttpHeaders headers |
m = headers.getAMethod() |
m.getReturnType() instanceof TypeString
or
m.getReturnType().(RefType).getSourceDeclaration().getASourceSupertype*().hasQualifiedName("java.util", "List") and
m.getReturnType().(ParameterizedType).getTypeArgument(0) instanceof TypeString
)
}
private class StringReplaceMethod extends Method {
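Review bot: The `SpringHttpHeaders` disjunct selects propagating methods by return type alone, so only accessors returning `String` or a parameterized `List<String>` get a taint step. Accessors that return the same header data in another shape (for example `toSingleValueMap()` or `getLocation()`) would, as far as this hunk shows, not be tracked, which shows up as missed flows rather than noise. If the narrowing is intentional, a comment above the disjunct should say so, e.g. `// Only String and List<String> accessors are modelled; Map- and URI-returning accessors are not.` As a style point, `m.getName().regexpMatch("getBody|getHeaders")` reads more directly as `(m.hasName("getBody") or m.hasName("getHeaders"))`. The predicate's body begins above the hunk, and neither section visible on this page adds a test for the new steps.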


@@ -32,4 +32,8 @@ class SpringResponseEntityBodyBuilder extends Interface {
getSourceDeclaration().getEnclosingType() = any(SpringResponseEntity sre) and
hasName("BodyBuilder")
}
}
class SpringHttpHeaders extends Class {
SpringHttpHeaders() { hasQualifiedName("org.springframework.http", "HttpHeaders") }
}
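Review bot: `SpringHttpHeaders` is added without a QLDoc comment, so the library does not say which Spring type it models; a one-liner above the class such as `/** The Spring class org.springframework.http.HttpHeaders. */` would cover it. The first hunk of this commit relies on this class in `taintPreservingQualifierToMethod`, which is worth stating in the comment so the dependency is discoverable from here.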