hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Solve errors caused by private ownership

Browse Source
This commit is contained in:
haby0
2021-05-18 19:56:32 +08:00
parent caf5f4d605
commit e46de44473
2 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql
View File

@@ -15,6 +15,18 @@ import SpringUrlRedirect
import semmle.code.java.dataflow.FlowSources
import DataFlow::PathGraph
private class StartsWithSanitizer extends DataFlow::BarrierGuard {
StartsWithSanitizer() {
this.(MethodAccess).getMethod().hasName("startsWith") and
this.(MethodAccess).getMethod().getDeclaringType() instanceof TypeString and
this.(MethodAccess).getMethod().getNumberOfParameters() = 1
}
override predicate checks(Expr e, boolean branch) {
e = this.(MethodAccess).getQualifier() and branch = true
}
}
class SpringUrlRedirectFlowConfig extends TaintTracking::Configuration {
SpringUrlRedirectFlowConfig() { this = "SpringUrlRedirectFlowConfig" }

12
java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.qll
View File

@@ -5,18 +5,6 @@ import semmle.code.java.dataflow.DataFlow2
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.frameworks.spring.SpringController
private class StartsWithSanitizer extends DataFlow::BarrierGuard {
StartsWithSanitizer() {
this.(MethodAccess).getMethod().hasName("startsWith") and
this.(MethodAccess).getMethod().getDeclaringType() instanceof TypeString and
this.(MethodAccess).getMethod().getNumberOfParameters() = 1
}
override predicate checks(Expr e, boolean branch) {
e = this.(MethodAccess).getQualifier() and branch = true
}
}
/**
* A concatenate expression using the string `redirect:` or `ajaxredirect:` or `forward:` on the left.
*