hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Pass taint through Spring's AbstractMessageSource.getMessage() methods.

Browse Source
This commit is contained in:
Sebastian Bauersfeld
2022-01-07 20:14:55 +07:00
parent 94c1a489e0
commit f36ee95128
3 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
View File

@@ -102,6 +102,7 @@ private module Frameworks {
private import semmle.code.java.frameworks.ratpack.Ratpack
private import semmle.code.java.frameworks.ratpack.RatpackExec
private import semmle.code.java.frameworks.spring.SpringCache
private import semmle.code.java.frameworks.spring.SpringContext
private import semmle.code.java.frameworks.spring.SpringHttp
private import semmle.code.java.frameworks.spring.SpringUtil
private import semmle.code.java.frameworks.spring.SpringUi

1
java/ql/lib/semmle/code/java/frameworks/spring/Spring.qll
View File

@@ -9,6 +9,7 @@ import semmle.code.java.frameworks.spring.SpringBeanFile
import semmle.code.java.frameworks.spring.SpringBeans
import semmle.code.java.frameworks.spring.SpringBeanRefType
import semmle.code.java.frameworks.spring.SpringCache
import semmle.code.java.frameworks.spring.SpringContext
import semmle.code.java.frameworks.spring.SpringComponentScan
import semmle.code.java.frameworks.spring.SpringConstructorArg
import semmle.code.java.frameworks.spring.SpringController

19
java/ql/lib/semmle/code/java/frameworks/spring/SpringContext.qll Normal file
View File

@@ -0,0 +1,19 @@
/**
* Provides models for the `org.springframework.context` package.
*/
import java
private import semmle.code.java.dataflow.ExternalFlow
private class StringSummaryCsv extends SummaryModelCsv {
override predicate row(string row) {
row =
[
//`namespace; type; subtypes; name; signature; ext; input; output; kind`
"org.springframework.context.support;AbstractMessageSource;true;getMessage;(String,Object[],String,Locale);;ArrayElement of Argument[1];ReturnValue;taint",
"org.springframework.context.support;AbstractMessageSource;true;getMessage;(String,Object[],String,Locale);;Argument[2];ReturnValue;taint",
"org.springframework.context.support;AbstractMessageSource;true;getMessage;(String,Object[],Locale);;ArrayElement of Argument[1];ReturnValue;taint",
"org.springframework.context.support;AbstractMessageSource;true;getMessageFromParent;;;ArrayElement of Argument[1];ReturnValue;taint",
]
}
}