Java: Autoformat most queries.

Anders Schack-Mulligen
2018-10-10 17:49:12 +02:00
parent 85cca69721
commit dd5a8f0c14
443 changed files with 2548 additions and 2043 deletions


@@ -8,25 +8,26 @@
* @id java/ejb/reflection
* @tags external/cwe/cwe-573
*/
import java
import semmle.code.java.frameworks.javaee.ejb.EJB
import semmle.code.java.frameworks.javaee.ejb.EJBRestrictions
/*
JSR 220: Enterprise JavaBeansTM,Version 3.0
EJB Core Contracts and Requirements
Section 21.1.2 Programming Restrictions
- The enterprise bean must not attempt to query a class to obtain information about the declared
members that are not otherwise accessible to the enterprise bean because of the security rules
of the Java language. The enterprise bean must not attempt to use the Reflection API to access
information that the security rules of the Java programming language make unavailable.
Allowing the enterprise bean to access information about other classes and to access the classes in a
manner that is normally disallowed by the Java programming language could compromise security.
*/
* JSR 220: Enterprise JavaBeansTM,Version 3.0
* EJB Core Contracts and Requirements
* Section 21.1.2 Programming Restrictions
*
* - The enterprise bean must not attempt to query a class to obtain information about the declared
* members that are not otherwise accessible to the enterprise bean because of the security rules
* of the Java language. The enterprise bean must not attempt to use the Reflection API to access
* information that the security rules of the Java programming language make unavailable.
*
* Allowing the enterprise bean to access information about other classes and to access the classes in a
* manner that is normally disallowed by the Java programming language could compromise security.
*/
from Callable origin, ForbiddenReflectionCallable target, Call call
where ejbCalls(origin, target, call)
select origin, "EJB should not use reflection by calling $@.",
call, target.getDeclaringType().getName() + "." + target.getName()
select origin, "EJB should not use reflection by calling $@.", call,
target.getDeclaringType().getName() + "." + target.getName()