Java: Add Spring RestTemplate return values to untrusted data types

- Also improve unwrapping of lists/arrays/maps etc.
lcartey@github.com
2020-05-18 00:30:47 +01:00
parent 9625e82afd
commit f2edc53144


@@ -1,6 +1,7 @@
import java
import semmle.code.java.Maps
import SpringWeb
import SpringWebClient
/**
* An annotation type that identifies Spring controllers.
@@ -296,6 +297,13 @@ class SpringModelResponseType extends RefType {
}
}
/** Strips wrapper types. */
private RefType stripType(Type t) {
result = t or
result = stripType(t.(Array).getComponentType()) or
result = stripType(t.(ParameterizedType).getATypeArgument())
}
/**
* A user data type which may be populated from a HTTP request.
*
@@ -310,11 +318,16 @@ class SpringUntrustedDataType extends RefType {
p.getAnAnnotation().(SpringServletInputAnnotation).getType().hasName("RequestBody")
|
this.fromSource() and
this = p.getType()
this = stripType(p.getType())
)
or
exists(SpringRestTemplateResponseEntityMethod rm |
this = stripType(rm.getAReference().getType().(ParameterizedType).getTypeArgument(0)) and
this.fromSource()
)
or
exists(SpringUntrustedDataType mt |
this = mt.getAField().getType() and
this = stripType(mt.getAField().getType()) and
this.fromSource()
)
}
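Review bot: The new `stripType` predicate introduced in the earlier hunk descends through array component types and parameterized type arguments but not through wildcard or type-variable bounds, so a `@RequestBody List<? extends Foo>` parameter or a `ResponseEntity<List<? extends Foo>>` result stops at the wildcard and `Foo` is never classified as `SpringUntrustedDataType`; all three disjuncts in this hunk that now call `stripType` inherit that gap. A further disjunct along the lines of `result = stripType(t.(BoundedType).getUpperBoundType())` would cover it, with the exact accessor confirmed against the library version in use. The QLDoc `/** Strips wrapper types. */` also undersells the predicate: a fuller comment would state that it yields `t` itself plus every type reachable from it by repeatedly taking array component types or any type argument of a parameterized type, which deliberately means `Map<K, V>` contributes both `K` and `V`. The characteristic predicate of `SpringUntrustedDataType`, and the class itself, begin outside this hunk.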