mirror of
https://github.com/github/codeql.git
synced 2026-04-25 08:45:14 +02:00
work on review comments
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
This commit is contained in:
@@ -1,6 +0,0 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["io.undertow.server.handlers.resource", "URLResource", True, "URLResource", "(URL,String)", "", "Argument[0]", "request-forgery", "ai-manual"]
|
||||
@@ -26,7 +26,7 @@ extensions:
|
||||
- ["javax.servlet.http", "HttpServletResponse", False, "addHeader", "", "", "Argument[0..1]", "response-splitting", "manual"]
|
||||
- ["javax.servlet.http", "HttpServletResponse", False, "sendError", "(int,String)", "", "Argument[1]", "information-leak", "manual"]
|
||||
- ["javax.servlet.http", "HttpServletResponse", False, "setHeader", "", "", "Argument[0..1]", "response-splitting", "manual"]
|
||||
- ["javax.servlet.http", "HttpServletResponse", True, "sendRedirect", "(String)", "", "Argument[0]", "url-redirection", "ai-manual"]
|
||||
# - ["javax.servlet.http", "HttpServletResponse", True, "sendRedirect", "(String)", "", "Argument[0]", "url-redirection", "ai-manual"] # QL model exists in java/ql/lib/semmle/code/java/security/UrlRedirect.qll
|
||||
- ["javax.servlet.http", "HttpSession", True, "putValue", "", "", "Argument[0..1]", "trust-boundary-violation", "manual"]
|
||||
- ["javax.servlet.http", "HttpSession", True, "setAttribute", "", "", "Argument[0..1]", "trust-boundary-violation", "manual"]
|
||||
- addsTo:
|
||||
|
||||
Reference in New Issue
Block a user