Merge pull request #3141 from pwntester/InsecureBeanValidation
Insecure Bean Validation query
@@ -183,6 +183,23 @@ private class WebSocketMessageParameterSource extends RemoteFlowSource {
|
||||
override string getSourceType() { result = "Websocket onText parameter" }
|
||||
}
|
||||
|
||||
private class BeanValidationSource extends RemoteFlowSource {
|
||||
BeanValidationSource() {
|
||||
exists(Method m, Parameter v |
|
||||
this.asParameter() = v and
|
||||
m.getParameter(0) = v and
|
||||
m
|
||||
.getDeclaringType()
|
||||
.getASourceSupertype+()
|
||||
.hasQualifiedName("javax.validation", "ConstraintValidator") and
|
||||
m.hasName("isValid") and
|
||||
m.fromSource()
|
||||
)
|
||||
}
|
||||
|
||||
override string getSourceType() { result = "BeanValidation source" }
|
||||
}
|
||||
|
||||
/** Class for `tainted` user input. */
|
||||
abstract class UserInput extends DataFlow::Node { }
|
||||
|
||||
|
||||
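Review bot: The new `BeanValidationSource` class has no QLDoc, unlike the neighbouring `UserInput` class, so a reader of the RemoteFlowSource hierarchy cannot tell what the parameter represents or why it is treated as remote input; add above the `private class BeanValidationSource` line `/** The value parameter of an `isValid` method in a source-defined `javax.validation.ConstraintValidator`: the bean data under validation, which is attacker-controlled. */`. The characteristic predicate also matches `isValid` by name only (`m.hasName("isValid")`), so an unrelated overload such as a private `isValid(String)` helper on the same validator would have its first parameter treated as a remote source; tightening it to the interface signature, e.g. `m.getNumberOfParameters() = 2 and`, or matching via the overridden `ConstraintValidator.isValid` method, would keep the source precise. The `getSourceType()` string `"BeanValidation source"` is fine but could mirror the QLDoc wording for consistency with the other sources in this file.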