merge all ne flow sources into one by extending current abstract class

am0o0
2024-07-01 15:16:44 +02:00
parent f1324a413a
commit d31711bd89
2 changed files with 15 additions and 16 deletions


@@ -1,6 +1,6 @@
/**
* @name Uncontrolled file decompression
* @description Uncontrolled data that flows into decompression library APIs without checking the compression rate is dangerous
* @description Decompressing user-controlled files without checking the compression ratio may allow attackers to perform denial-of-service attacks.
* @kind path-problem
* @problem.severity error
* @security-severity 7.8
@@ -20,13 +20,7 @@ module DecompressionBombsConfig implements DataFlow::StateConfigSig {
class FlowState = DecompressionState;
predicate isSource(DataFlow::Node source, FlowState state) {
(
source instanceof RemoteFlowSource
or
source instanceof FormRemoteFlowSource
or
source instanceof FileUploadRemoteFlowSource
) and
source instanceof RemoteFlowSource and
(
state instanceof ZipFile
or
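Review bot: With the explicit `FormRemoteFlowSource` and `FileUploadRemoteFlowSource` checks gone, `isSource` no longer names the multipart and file-upload models it relies on, so dropping the library import later would leave the query compiling while silently losing those sources. A comment above the new `source instanceof RemoteFlowSource and` line would record the dependency, for example `// multipart and Commons FileUpload sources arrive via RemoteFlowSource subclasses defined in the imported upload library`. A test case whose only source is an upload call would catch that regression as well. The predicate body continues past the end of the hunk, so the state side of the condition is not reviewed here.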


@@ -1,9 +1,6 @@
import java
import semmle.code.java.dataflow.DataFlow
abstract class FormRemoteFlowSource extends DataFlow::Node { }
abstract class FileUploadRemoteFlowSource extends DataFlow::Node { }
import semmle.code.java.dataflow.FlowSources
class CommonsFileUploadAdditionalTaintStep extends Unit {
abstract predicate step(DataFlow::Node n1, DataFlow::Node n2);
@@ -30,7 +27,7 @@ module ApacheCommonsFileUpload {
}
}
class ServletFileUpload extends FileUploadRemoteFlowSource {
class ServletFileUpload extends RemoteFlowSource {
ServletFileUpload() {
exists(MethodAccess ma |
ma.getReceiverType() instanceof TypeServletFileUpload and
@@ -38,9 +35,11 @@ module ApacheCommonsFileUpload {
this.asExpr() = ma
)
}
override string getSourceType() { result = "Apache Commons Fileupload" }
}
private class FileItemRemoteSource extends FileUploadRemoteFlowSource {
private class FileItemRemoteSource extends RemoteFlowSource {
FileItemRemoteSource() {
exists(MethodAccess ma |
ma.getReceiverType() instanceof TypeFileUpload and
@@ -51,9 +50,11 @@ module ApacheCommonsFileUpload {
this.asExpr() = ma
)
}
override string getSourceType() { result = "Apache Commons Fileupload" }
}
private class FileItemStreamRemoteSource extends FileUploadRemoteFlowSource {
private class FileItemStreamRemoteSource extends RemoteFlowSource {
FileItemStreamRemoteSource() {
exists(MethodAccess ma |
ma.getReceiverType() instanceof TypeFileItemStream and
@@ -61,6 +62,8 @@ module ApacheCommonsFileUpload {
this.asExpr() = ma
)
}
override string getSourceType() { result = "Apache Commons Fileupload" }
}
}
@@ -98,7 +101,7 @@ module ServletRemoteMultiPartSources {
TypePart() { this.hasQualifiedName(["javax.servlet.http", "jakarta.servlet.http"], "Part") }
}
private class ServletPartCalls extends FormRemoteFlowSource {
private class ServletPartCalls extends RemoteFlowSource {
ServletPartCalls() {
exists(MethodAccess ma |
ma.getReceiverType() instanceof TypePart and
@@ -110,5 +113,7 @@ module ServletRemoteMultiPartSources {
this.asExpr() = ma
)
}
override string getSourceType() { result = "Javax Servlet Http" }
}
}
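Review bot: Extending `RemoteFlowSource` directly makes `ServletFileUpload`, `FileItemRemoteSource`, `FileItemStreamRemoteSource` and `ServletPartCalls` sources for every query that imports this library, not only the decompression query, which the removed `FileUploadRemoteFlowSource` and `FormRemoteFlowSource` classes avoided. If that wider scope is intended, a QLDoc line on each class should say so, e.g. `/** A remote flow source from a multipart upload call; applies to any query importing this module. */`, and other queries that import this file are worth re-running to check for new or duplicated alerts. Separately, `ServletPartCalls` reports `"Javax Servlet Http"` although `TypePart` also matches `jakarta.servlet.http`; a neutral label such as `result = "Servlet multipart Part"` would be accurate for both namespaces. The characteristic predicates are only partly visible in these hunks, so which methods become sources could not be checked.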