From ebc6c49555ecbdde37408150a90c3076bfcf989c Mon Sep 17 00:00:00 2001
From: Porcupiney Hairs
Date: Thu, 19 Nov 2020 03:37:00 +0530
Subject: [PATCH] include suggestions from review.
---
 .../CWE-918/RequestForgeryCustomizations.qll | 4 ++--
 java/ql/src/semmle/code/java/frameworks/ApacheHttp.qll | 4 ++--
 java/ql/src/semmle/code/java/frameworks/Networking.qll | 10 ++++------
 3 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/java/ql/src/experimental/CWE-918/RequestForgeryCustomizations.qll b/java/ql/src/experimental/CWE-918/RequestForgeryCustomizations.qll
index 69a81bb7b26..815cec02408 100644
--- a/java/ql/src/experimental/CWE-918/RequestForgeryCustomizations.qll
+++ b/java/ql/src/experimental/CWE-918/RequestForgeryCustomizations.qll
@@ -125,8 +125,8 @@ module RequestForgery {
 }
 /**
- * A URI argument to `org.springframework.http.RequestEntity`s constructor call
- * taken as a sink for request forgery vulnerabilities.
+ * An argument to `org.springframework.http.RequestEntity`s constructor call
+ * which is an URI taken as a sink for request forgery vulnerabilities.
 */
 private class RequestEntityUriArg extends Sink {
 RequestEntityUriArg() {
diff --git a/java/ql/src/semmle/code/java/frameworks/ApacheHttp.qll b/java/ql/src/semmle/code/java/frameworks/ApacheHttp.qll
index 31be5cc38c4..b9109952901 100644
--- a/java/ql/src/semmle/code/java/frameworks/ApacheHttp.qll
+++ b/java/ql/src/semmle/code/java/frameworks/ApacheHttp.qll
@@ -15,8 +15,8 @@ class ApacheHttpEntityGetContent extends Method {
 }
 /**
- * Models any class derived from `HttpRequestBase` or the `BasicHttpRequest`
- * class of the Apache Http Client `org.apache.http` library
+ * A class that is derived from the `HttpRequestBase` or the `BasicHttpRequest`
+ * classes of the Apache HTTP Client `org.apache.http` library
 */
 class ApacheHttpRequest extends RefType {
 ApacheHttpRequest() {
diff --git a/java/ql/src/semmle/code/java/frameworks/Networking.qll b/java/ql/src/semmle/code/java/frameworks/Networking.qll
index d9eca07533c..1d9d796488c 100644
--- a/java/ql/src/semmle/code/java/frameworks/Networking.qll
+++ b/java/ql/src/semmle/code/java/frameworks/Networking.qll
@@ -42,7 +42,7 @@ class SocketGetInputStreamMethod extends Method {
 }
 }
-/** Any expresion or call which returns a new URI. */
+/** A function or method call that returns a new `URI`. */
 class UriCreation extends Call {
 UriCreation() {
 this.getCallee().getDeclaringType() instanceof TypeUri and
@@ -61,8 +61,6 @@ class UriCreation extends Call {
 /** An URI constructor expression */
 class UriConstructor extends ClassInstanceExpr, UriCreation {
- UriConstructor() { this.getConstructor().getDeclaringType().getQualifiedName() = "java.net.URI" }
-
 override Expr getHostArg() {
 // URI​(String str)
 result = this.getArgument(0) and this.getNumArgument() = 1
@@ -78,7 +76,7 @@ class UriConstructor extends ClassInstanceExpr, UriCreation {
 }
 }
-/** An URI create call */
+/** A call to the `create` method of the `java.net.URI` class */
 class UriCreate extends Call, UriCreation {
 UriCreate() {
 this.getCallee().getName() = "create" and
@@ -88,9 +86,9 @@ class UriCreate extends Call, UriCreation {
 override Expr getHostArg() { result = this.getArgument(0) }
 }
-/* An URL constructor expression */
+/** An `java.net.URL` constructor expression */
 class UrlConstructor extends ClassInstanceExpr {
- UrlConstructor() { this.getConstructor().getDeclaringType().getQualifiedName() = "java.net.URL" }
+ UrlConstructor() { this.getConstructor().getDeclaringType() instanceof TypeUrl }
 /** Returns the host of the newly created URI. */
 Expr getHostArg() {
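Review bot: The new QLDoc for `UriCreation` in the `@@ -42,7 +42,7 @@` hunk says "A function or method call", but `UriConstructor` further down extends both `ClassInstanceExpr` and `UriCreation`, so constructor invocations belong to this class as well. Because these classes model where a request target is built, the description should cover that case, for example `/** A call, including a constructor call, that creates a new java.net.URI. */`. The characteristic predicate runs past the end of the hunk (its last visible line ends in `and`), so the remaining conjuncts could not be checked.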
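Review bot: Nothing on `UriConstructor` now says where its `java.net.URI` restriction comes from: after the `@@ -61,8 +61,6 @@` hunk removes the `UriConstructor()` predicate, the only visible constraint is the inherited `getDeclaringType() instanceof TypeUri` in `UriCreation`. A short note in the doc comment would stop a later reader from assuming the check is missing or adding it back, and would bring the unchanged comment line in step with the ones rewritten elsewhere in this commit, for example `/** A java.net.URI constructor expression; the declaring type is constrained by UriCreation. */`. `getHostArg()` continues outside the hunk, so only its single-argument case is visible here.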
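Review bot: The context line `/** Returns the host of the newly created URI. */` in the `@@ -88,9 +86,9 @@` hunk sits inside `UrlConstructor`, so it should refer to a URL, and it was left unchanged while the class comment above it was rewritten. Suggested wording is `/** Gets the argument that holds the host of the newly created URL. */`, and the class comment reads better as `/** A java.net.URL constructor expression. */`. The switch to `instanceof TypeUrl` presumably matches the same type as the old qualified-name comparison, but `TypeUrl` is defined outside this diff, so that is worth confirming. `getHostArg()` continues outside the hunk.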