hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5590 from github/sauyon/java-spring-errors

Browse Source 
Add models for Spring validation.Errors
This commit is contained in:
Anders Schack-Mulligen
2021-07-01 14:29:49 +02:00
committed by GitHub
parent 37f8794d01 52d1901d6e
commit cda5c22f6e
14 changed files with 654 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll
View File

@@ -86,6 +86,7 @@ private module Frameworks {
private import semmle.code.java.frameworks.Optional
private import semmle.code.java.frameworks.spring.SpringHttp
private import semmle.code.java.frameworks.spring.SpringUtil
private import semmle.code.java.frameworks.spring.SpringValidation
private import semmle.code.java.frameworks.spring.SpringWebClient
private import semmle.code.java.frameworks.spring.SpringBeans
private import semmle.code.java.security.ResponseSplitting

1
java/ql/src/semmle/code/java/frameworks/spring/Spring.qll
View File

@@ -34,6 +34,7 @@ import semmle.code.java.frameworks.spring.SpringRef
import semmle.code.java.frameworks.spring.SpringReplacedMethod
import semmle.code.java.frameworks.spring.SpringSet
import semmle.code.java.frameworks.spring.SpringUtil
import semmle.code.java.frameworks.spring.SpringValidation
import semmle.code.java.frameworks.spring.SpringValue
import semmle.code.java.frameworks.spring.SpringXMLElement
import semmle.code.java.frameworks.spring.metrics.MetricSpringBean

25
java/ql/src/semmle/code/java/frameworks/spring/SpringValidation.qll Normal file
View File

@@ -0,0 +1,25 @@
/** Definitions of flow steps through utility methods of `org.springframework.validation.Errors`. */
import java
private import semmle.code.java.dataflow.ExternalFlow
private class SpringValidationErrorModel extends SummaryModelCsv {
override predicate row(string row) {
row =
[
"org.springframework.validation;Errors;true;addAllErrors;;;Argument[0];Argument[-1];taint",
"org.springframework.validation;Errors;true;getAllErrors;;;Argument[-1];ReturnValue;taint",
"org.springframework.validation;Errors;true;getFieldError;;;Argument[-1];ReturnValue;taint",
"org.springframework.validation;Errors;true;getFieldErrors;;;Argument[-1];ReturnValue;taint",
"org.springframework.validation;Errors;true;getGlobalError;;;Argument[-1];ReturnValue;taint",
"org.springframework.validation;Errors;true;getGlobalErrors;;;Argument[-1];ReturnValue;taint",
"org.springframework.validation;Errors;true;reject;;;Argument[0];Argument[-1];taint",
"org.springframework.validation;Errors;true;reject;;;ArrayElement of Argument[1];Argument[-1];taint",
"org.springframework.validation;Errors;true;reject;;;Argument[2];Argument[-1];taint",
"org.springframework.validation;Errors;true;rejectValue;;;Argument[1];Argument[-1];taint",
"org.springframework.validation;Errors;true;rejectValue;;;Argument[3];Argument[-1];taint",
"org.springframework.validation;Errors;true;rejectValue;(java.lang.String,java.lang.String,java.lang.Object[],java.lang.String);;ArrayElement of Argument[2];Argument[-1];taint",
"org.springframework.validation;Errors;true;rejectValue;(java.lang.String,java.lang.String,java.lang.String);;Argument[2];Argument[-1];taint"
]
}
}