hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 05:01:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

Apply suggestions from code review

Browse Source
This commit is contained in:
Owen Mansel-Chan
2025-11-12 15:02:42 +00:00
committed by GitHub
parent f3f256d070
commit f598027cbd
4 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/lib/ext/jakarta.servlet.http.model.yml
View File

@@ -8,8 +8,8 @@ extensions:
- ["jakarta.servlet.http", "Part", True, "getName", "()", "", "ReturnValue", "remote", "manual"]
- ["jakarta.servlet.http", "Part", True, "getContentType", "()", "", "ReturnValue", "remote", "manual"]
- ["jakarta.servlet.http", "Part", True, "getHeader", "(String)", "", "ReturnValue", "remote", "manual"]
- ["jakarta.servlet.http", "Part", True, "getHeaders", "(String)", "", "ReturnValue", "remote", "manual"]
- ["jakarta.servlet.http", "Part", True, "getHeaderNames", "()", "", "ReturnValue", "remote", "manual"]
- ["jakarta.servlet.http", "Part", True, "getHeaders", "(String)", "", "ReturnValue", "remote", "manual"]
- ["jakarta.servlet.http", "Part", True, "getSubmittedFileName", "()", "", "ReturnValue", "remote", "manual"]
- ["jakarta.servlet.http", "HttpServletRequest", False, "getHeader", "(String)", "", "ReturnValue", "remote", "manual"]
- ["jakarta.servlet.http", "HttpServletRequest", False, "getHeaderNames", "()", "", "ReturnValue", "remote", "manual"]

8
java/ql/lib/ext/javax.servlet.http.model.yml
View File

@@ -19,13 +19,13 @@ extensions:
- ["javax.servlet.http", "HttpServletRequest", False, "getRequestURI", "()", "", "ReturnValue", "remote", "manual"]
- ["javax.servlet.http", "HttpServletRequest", False, "getRequestURL", "()", "", "ReturnValue", "remote", "manual"]
- ["javax.servlet.http", "HttpServletRequest", False, "getServletPath", "()", "", "ReturnValue", "remote", "manual"]
- ["javax.servlet.http", "Part", False, "getInputStream", "()", "", "ReturnValue", "remote", "manual"]
- ["javax.servlet.http", "Part", False, "getName", "()", "", "ReturnValue", "remote", "manual"]
- ["javax.servlet.http", "Part", False, "getContentType", "()", "", "ReturnValue", "remote", "manual"]
- ["javax.servlet.http", "Part", False, "getHeader", "(String)", "", "ReturnValue", "remote", "manual"]
- ["javax.servlet.http", "Part", False, "getSubmittedFileName", "()", "", "ReturnValue", "remote", "manual"]
- ["javax.servlet.http", "Part", False, "getHeaders", "(String)", "", "ReturnValue", "remote", "manual"]
- ["javax.servlet.http", "Part", False, "getHeaderNames", "()", "", "ReturnValue", "remote", "manual"]
- ["javax.servlet.http", "Part", False, "getHeaders", "(String)", "", "ReturnValue", "remote", "manual"]
- ["javax.servlet.http", "Part", False, "getInputStream", "()", "", "ReturnValue", "remote", "manual"]
- ["javax.servlet.http", "Part", False, "getName", "()", "", "ReturnValue", "remote", "manual"]
- ["javax.servlet.http", "Part", False, "getSubmittedFileName", "()", "", "ReturnValue", "remote", "manual"]
- addsTo:

2
java/ql/lib/ext/org.apache.commons.fileupload.model.yml
View File

@@ -8,7 +8,7 @@ extensions:
- ["org.apache.commons.fileupload", "FileItem", True, "getContentType", "()", "", "ReturnValue", "remote", "manual"]
- ["org.apache.commons.fileupload", "FileItem", True, "getString", "()", "", "ReturnValue", "remote", "manual"]
- ["org.apache.commons.fileupload", "FileItem", True, "getName", "()", "", "ReturnValue", "remote", "manual"]
- ["org.apache.commons.fileupload", "FileItem", True, "getName", "(String)", "", "ReturnValue", "remote", "manual"]
- ["org.apache.commons.fileupload", "FileItem", True, "getString "(String)", "", "ReturnValue", "remote", "manual"]
- ["org.apache.commons.fileupload", "FileItem", True, "get", "()", "", "ReturnValue", "remote", "manual"]
- ["org.apache.commons.fileupload", "FileItemStream", True, "getContentType", "()", "", "ReturnValue", "remote", "manual"]
- ["org.apache.commons.fileupload", "FileItemStream", True, "getFieldName", "()", "", "ReturnValue", "remote", "manual"]

3
java/ql/test/library-tests/dataflow/taintsources/FileUpload.java
View File

@@ -28,10 +28,13 @@ public class FileUpload {
sink(fileItem.get()); // $ hasRemoteValueFlow
sink(fileItem.getString()); // $ hasRemoteValueFlow
sink(fileItem.getContentType()); // $ hasRemoteValueFlow
sink(fileItem.getFieldName()); // $ hasRemoteValueFlow
sink(fileItem.getInputStream()); // $ hasRemoteValueFlow
sink(fileItem.getName()); // $ hasRemoteValueFlow
sink(fileItemStream.getFieldName()); // $ hasRemoteValueFlow
sink(fileItemStream.getName()); // $ hasRemoteValueFlow
sink(fileItemStream.getContentType()); // $ hasRemoteValueFlow
sink(fileItemStream.openStream()); // $ hasRemoteValueFlow
sink(jakartaPart.getContentType()); // $ hasRemoteValueFlow