From f7d63f8666779cfb7ccb7cc3cf1efa26d54d16df Mon Sep 17 00:00:00 2001 From: Francis Alexander Date: Thu, 22 Oct 2020 20:21:47 +0530 Subject: [PATCH] Feedback incorporation and documentation updates --- .../semmle/code/java/dataflow/FlowSources.qll | 14 ++++++ .../java/frameworks/play/PlayAddCSRFToken.qll | 6 +++ .../java/frameworks/play/PlayAsyncResult.qll | 12 +++++ .../java/frameworks/play/PlayBodyParser.qll | 6 +++ .../java/frameworks/play/PlayController.qll | 44 +++++++++++++++++++ .../frameworks/play/PlayHTTPRequestHeader.qll | 21 +++++++++ .../java/frameworks/play/PlayMVCResult.qll | 4 ++ .../java/frameworks/play/PlayMVCResults.qll | 28 ++++++++++++ 8 files changed, 135 insertions(+) diff --git a/java/ql/src/semmle/code/java/dataflow/FlowSources.qll b/java/ql/src/semmle/code/java/dataflow/FlowSources.qll index 33fac24cdbd..52bd93fae24 100644 --- a/java/ql/src/semmle/code/java/dataflow/FlowSources.qll +++ b/java/ql/src/semmle/code/java/dataflow/FlowSources.qll @@ -108,6 +108,7 @@ private class MessageBodyReaderParameterSource extends RemoteFlowSource { override string getSourceType() { result = "MessageBodyReader parameter" } } +<<<<<<< HEAD private class SpringMultipartRequestSource extends RemoteFlowSource { SpringMultipartRequestSource() { exists(MethodAccess ma, Method m | @@ -124,6 +125,11 @@ private class SpringMultipartRequestSource extends RemoteFlowSource { override string getSourceType() { result = "Spring MultipartRequest getter" } } +class PlayParameterSource extends RemoteFlowSource { + PlayParameterSource() { + exists(PlayActionMethodQueryParameter p | p = this.asParameter()) or + exists(PlayMVCHTTPRequestHeaderMethods m | m.getQueryString().getAnArgument() = this.asExpr()) +======= class PlayParameterSource extends RemoteFlowSource { PlayParameterSource() { exists(PlayActionQueryParameter p | p = this.asParameter()) 
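Review bot: Unresolved merge-conflict markers are committed as added lines: `+<<<<<<< HEAD` in this hunk, the matching `+=======` and `+>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8` in the later FlowSources.qll hunks, and the same pattern in every hunk of the seven files under frameworks/play/. Both sides of each conflict are kept (the diffstat shows 135 insertions and no deletions), so these libraries will presumably not compile. Queries that import FlowSources.qll would then fail instead of reporting Play request sources. Resolve each conflict to one side, delete the marker lines, and recompile the libraries before merging. The SpringMultipartRequestSource class shown as context continues outside the hunk.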
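Review bot: The HEAD-side disjunct `m.getQueryString().getAnArgument() = this.asExpr()` in PlayParameterSource makes the argument passed to `getQueryString` the remote source. That argument is the key chosen by the application, whereas the request-controlled value is the result of the call. Consider `exists(PlayMVCHTTPRequestHeaderMethods m | m.getQueryString() = this.asExpr())` so that the method access itself is the source. As written, taint would probably start at constant key strings and miss the returned value, unless a source class outside this hunk covers it. The body of PlayParameterSource closes in the next hunk.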
@@ -131,6 +137,7 @@ class PlayParameterSource extends RemoteFlowSource { exists(PlayHTTPRequestHeaderMethods m | m.hasName("getQueryString") and m.getAParameter() = this.asParameter() ) +>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8 } override string getSourceType() { result = "Play Query Parameters" } @@ -279,10 +286,17 @@ private class RemoteTaintedMethod extends Method { } } +<<<<<<< HEAD +private class PlayRequestGetMethod extends Method { + PlayRequestGetMethod() { + this.getDeclaringType() instanceof PlayMVCHTTPRequestHeader and + this.hasName(["header", "getHeader"]) +======= private class PlayRequestGetMethod extends PlayHTTPRequestHeaderMethods { PlayRequestGetMethod() { this.hasName("Header") or this.hasName("getQueryString") +>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8 } } diff --git a/java/ql/src/semmle/code/java/frameworks/play/PlayAddCSRFToken.qll b/java/ql/src/semmle/code/java/frameworks/play/PlayAddCSRFToken.qll index 391106aadc0..a3e15328ed6 100644 --- a/java/ql/src/semmle/code/java/frameworks/play/PlayAddCSRFToken.qll +++ b/java/ql/src/semmle/code/java/frameworks/play/PlayAddCSRFToken.qll @@ -1,10 +1,16 @@ import java /** +<<<<<<< HEAD + * Play Framework AddCSRFToken Annotation + * + * Documentation: https://www.playframework.com/documentation/2.8.x/JavaCsrf +======= * Play Framework AddCSRFToken * * @description Gets the methods using AddCSRFToken annotation. * (https://www.playframework.com/documentation/2.6.x/JavaBodyParsers#Choosing-an-explicit-body-parser) +>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8 */ class PlayAddCSRFTokenAnnotation extends Annotation { PlayAddCSRFTokenAnnotation() { diff --git a/java/ql/src/semmle/code/java/frameworks/play/PlayAsyncResult.qll b/java/ql/src/semmle/code/java/frameworks/play/PlayAsyncResult.qll index 1eb0108f0d3..e8ed9f09436 100644 --- a/java/ql/src/semmle/code/java/frameworks/play/PlayAsyncResult.qll +++ b/java/ql/src/semmle/code/java/frameworks/play/PlayAsyncResult.qll 
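Review bot: On the HEAD side of the `@@ -279,10 +286,17 @@` hunk, PlayRequestGetMethod matches only `header` and `getHeader`, while the other side of the conflict also listed `getQueryString`. If the HEAD side is kept, this class no longer covers query-string reads, and the HEAD-side PlayParameterSource selects the call's argument rather than its result. As far as these hunks show, `getQueryString` results would then not be tracked. Either keep the name in the set, `this.hasName(["header", "getHeader", "getQueryString"])`, or make PlayParameterSource select the call result. How RemoteTaintedMethod uses this class is outside the hunk, so confirm against the full file.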
@@ -1,10 +1,16 @@ import java /** +<<<<<<< HEAD + * Play Framework Async Promise - Gets the Promise Generic Member/Type of (play.libs.F) + * + * Documentation: https://www.playframework.com/documentation/2.5.1/api/java/play/libs/F.Promise.html +======= * Play Framework Async Promise of Generic Result * * @description Gets the Promise Generic Type of (play.libs.F), This is async in 2.6x and below. * (https://www.playframework.com/documentation/2.5.1/api/java/play/libs/F.Promise.html) +>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8 */ class PlayAsyncResultPromise extends Member { PlayAsyncResultPromise() { @@ -17,10 +23,16 @@ class PlayAsyncResultPromise extends Member { } /** +<<<<<<< HEAD + * Play Framework Async Generic Result - Gets the CompletionStage Generic Type of (java.util.concurrent) + * + * Documentation: https://www.playframework.com/documentation/2.6.x/JavaAsync +======= * Play Framework Async Generic Result extending generic promise API called CompletionStage. * * @description Gets the CompletionStage Generic Type of (java.util.concurrent) * (https://www.playframework.com/documentation/2.6.x/JavaAsync) +>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8 */ class PlayAsyncResultCompletionStage extends Type { PlayAsyncResultCompletionStage() { diff --git a/java/ql/src/semmle/code/java/frameworks/play/PlayBodyParser.qll b/java/ql/src/semmle/code/java/frameworks/play/PlayBodyParser.qll index df16c4d137e..1a8a9aa597b 100644 --- a/java/ql/src/semmle/code/java/frameworks/play/PlayBodyParser.qll +++ b/java/ql/src/semmle/code/java/frameworks/play/PlayBodyParser.qll 
@@ -1,10 +1,16 @@ import java /** +<<<<<<< HEAD + * Play Framework Explicit Body Parser Annotation + * + * Documentation: https://www.playframework.com/documentation/2.8.x/JavaBodyParsers#Choosing-an-explicit-body-parser +======= * Play Framework Explicit Body Parser * * @description Gets the methods using the explicit body parser annotation. The methods are usually controller action methods * (https://www.playframework.com/documentation/2.8.x/JavaBodyParsers#Choosing-an-explicit-body-parser) +>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8 */ class PlayBodyParserAnnotation extends Annotation { PlayBodyParserAnnotation() { this.getType().hasQualifiedName("play.mvc", "BodyParser<>$Of") } diff --git a/java/ql/src/semmle/code/java/frameworks/play/PlayController.qll b/java/ql/src/semmle/code/java/frameworks/play/PlayController.qll index ff68d006e18..45489c4e216 100644 --- a/java/ql/src/semmle/code/java/frameworks/play/PlayController.qll +++ b/java/ql/src/semmle/code/java/frameworks/play/PlayController.qll @@ -4,17 +4,24 @@ import semmle.code.java.frameworks.play.PlayMVCResult /** * Play MVC Framework Controller +<<<<<<< HEAD +======= * * @description Gets the play.mvc.Controller class +>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8 */ class PlayMVCControllerClass extends Class { PlayMVCControllerClass() { this.hasQualifiedName("play.mvc", "Controller") } } /** +<<<<<<< HEAD + * Play Framework Controllers which extends/implements PlayMVCController recursively - Used to find all Controllers +======= * Play Framework Controller which extends/implements * * @description Gets the classes which extends play.mvc.controller rescursively. +>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8 */ class PlayController extends Class { PlayController() { 
@@ -23,11 +30,32 @@ class PlayController extends Class { } /** +<<<<<<< HEAD + * Play Framework Controller Action Methods - Mappings to route files + * + * Sample Route - `POST /login @com.linkedin.Application.login()` + * + * Example - class get's `index` & `login` as valid action methods. + * ``` + * public class Application extends Controller { + * public Result index(String username, String password) { + * return ok("It works!"); + * } + * + * public Result login() { + * return ok("Log me In!"); + * } + * } + * ``` + * + * Documentation: https://www.playframework.com/documentation/2.8.x/JavaActions +======= * Play Framework Controller Action Methods * * @description Gets the controller action methods defined against it. * (https://www.playframework.com/documentation/2.8.x/JavaActions) * @tip Checking for Public methods usually retrieves direct controller mapped methods defined in routes. +>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8 */ class PlayControllerActionMethod extends Method { PlayControllerActionMethod() { @@ -43,10 +71,26 @@ class PlayControllerActionMethod extends Method { } /** +<<<<<<< HEAD + * Play Action-Method parameters. These are a source of user input + * + * Example - Class get's `username` & `password` as valid parameters + * ``` + * public class Application extends Controller { + * public Result index(String username, String password) { + * return ok("It works!"); + * } + * } + * ``` + */ +class PlayActionMethodQueryParameter extends Parameter { + PlayActionMethodQueryParameter() { +======= * Play Action-Method parameters, these are essentially part of routes. */ class PlayActionQueryParameter extends Parameter { PlayActionQueryParameter() { +>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8 exists(PlayControllerActionMethod a | a.isPublic() and this = a.getAParameter() 
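Review bot: In the `@@ -43,10 +71,26 @@` hunk, PlayActionMethodQueryParameter treats every parameter of a public action method as user input, but the QLDoc and the name describe only query parameters. Play routes also bind action parameters from path segments, and a routes entry can give a parameter a fixed value, so some matched parameters are not request-controlled. The QLDoc should state this, for example `A parameter of a Play action method. It is bound by the routes file from the request path or query string and is treated as remote user input; parameters given a fixed value in the routes file are matched as well.` The source-type string "Play Query Parameters" in FlowSources.qll has the same narrow wording and may mislead triage. The characteristic predicate continues outside the hunk.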
diff --git a/java/ql/src/semmle/code/java/frameworks/play/PlayHTTPRequestHeader.qll b/java/ql/src/semmle/code/java/frameworks/play/PlayHTTPRequestHeader.qll index 91e06af4802..68a8e852afa 100644 --- a/java/ql/src/semmle/code/java/frameworks/play/PlayHTTPRequestHeader.qll +++ b/java/ql/src/semmle/code/java/frameworks/play/PlayHTTPRequestHeader.qll @@ -1,15 +1,35 @@ import java /** +<<<<<<< HEAD + * Play MVC Framework HTTP Request Header Class +======= * Play MVC Framework HTTP Request Header * * @description Member of play.mvc.HTTP. Gets the play.mvc.HTTP$RequestHeader class/interface +>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8 */ class PlayMVCHTTPRequestHeader extends RefType { PlayMVCHTTPRequestHeader() { this.hasQualifiedName("play.mvc", "Http$RequestHeader") } } /** +<<<<<<< HEAD + * Play Framework HTTPRequestHeader Methods - `headers`, `getQueryString`, `getHeader` + * + * Documentation: https://www.playframework.com/documentation/2.6.0/api/java/play/mvc/Http.RequestHeader.html + */ +class PlayMVCHTTPRequestHeaderMethods extends Method { + PlayMVCHTTPRequestHeaderMethods() { this.getDeclaringType() instanceof PlayMVCHTTPRequestHeader } + + /** + * Gets all references to play.mvc.HTTP.RequestHeader `getQueryString` method + */ + MethodAccess getQueryString() { + this.hasName("getQueryString") and result = this.getAReference() + } + +======= * Play Framework HTTP$RequestHeader Methods * * @description Gets the methods of play.mvc.HTTP$RequestHeader like - headers, getQueryString, getHeader, uri @@ -17,4 +37,5 @@ class PlayMVCHTTPRequestHeader extends RefType { */ class PlayHTTPRequestHeaderMethods extends Method { PlayHTTPRequestHeaderMethods() { this.getDeclaringType() instanceof PlayMVCHTTPRequestHeader } +>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8 } diff --git a/java/ql/src/semmle/code/java/frameworks/play/PlayMVCResult.qll b/java/ql/src/semmle/code/java/frameworks/play/PlayMVCResult.qll index 2a0ce62e36e..abd697aa3ab 100644 
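Review bot: The new member predicate `getQueryString()` on PlayMVCHTTPRequestHeaderMethods is named like the Java method it matches, while the parallel predicates added in PlayMVCResults.qll are `getAnOkAccess` and `getARedirectAccess`. Renaming it to `getAQueryStringAccess()` would keep the two libraries consistent and make clear that it yields a `MethodAccess`, not the query string. Its QLDoc says "Gets all references", but a QL predicate yields one result per match, so `Gets a reference to the getQueryString method of play.mvc.Http.RequestHeader.` is more accurate. The class QLDoc lists `headers`, `getQueryString` and `getHeader`, yet only `getQueryString` has a predicate in this hunk.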
--- a/java/ql/src/semmle/code/java/frameworks/play/PlayMVCResult.qll +++ b/java/ql/src/semmle/code/java/frameworks/play/PlayMVCResult.qll @@ -1,10 +1,14 @@ import java /** +<<<<<<< HEAD + * Play MVC Framework Result Class +======= * Play MVC Framework Result * * @description Gets the play.mvc.Result class - Used to set a HTTP result with a status code, a set of HTTP headers and a body to be sent to the web client. * (https://www.playframework.com/documentation/2.8.x/JavaActions) +>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8 */ class PlayMVCResultClass extends Class { PlayMVCResultClass() { this.hasQualifiedName("play.mvc", "Result") } diff --git a/java/ql/src/semmle/code/java/frameworks/play/PlayMVCResults.qll b/java/ql/src/semmle/code/java/frameworks/play/PlayMVCResults.qll index 28274de0312..ac6e4766475 100644 --- a/java/ql/src/semmle/code/java/frameworks/play/PlayMVCResults.qll +++ b/java/ql/src/semmle/code/java/frameworks/play/PlayMVCResults.qll 
@@ -1,16 +1,43 @@ import java /** +<<<<<<< HEAD + * Play MVC Framework Results Class + * + * Documentation: https://www.playframework.com/documentation/2.8.x/JavaActions +======= * Play MVC Framework Results * * @description Gets the play.mvc.Results class - Helper utilities to generate results * (https://www.playframework.com/documentation/2.8.x/JavaActions) +>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8 */ class PlayMVCResultsClass extends Class { PlayMVCResultsClass() { this.hasQualifiedName("play.mvc", "Results") } } /** +<<<<<<< HEAD + * Play Framework mvc.Results Methods - `ok`, `status`, `redirect` + * + * Documentation: https://www.playframework.com/documentation/2.5.8/api/java/play/mvc/Results.html + */ +class PlayMVCResultsMethods extends Method { + PlayMVCResultsMethods() { this.getDeclaringType() instanceof PlayMVCResultsClass } + + /** + * Gets all references to play.mvc.Results `ok` method + */ + MethodAccess getAnOkAccess() { + this.hasName("ok") and result = this.getAReference() + } + + /** + * Gets all references to play.mvc.Results `redirect` method + */ + MethodAccess getARedirectAccess() { + this.hasName("redirect") and result = this.getAReference() +======= * Play Framework mvc.Results Methods * * @description Gets the methods of play.mvc.Results like - ok, status, redirect etc. @@ -31,5 +58,6 @@ class PlayHTTPResultsMethods extends Method { */ MethodAccess redirect() { exists(MethodAccess ma | ma = this.getAReference() and this.hasName("redirect") | result = ma) +>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8 } }