Feedback incorporation and documentation updates

2026-03-01 13:23:49 +01:00 · 2020-10-22 20:21:47 +05:30
parent 33f7d52a46
commit f7d63f8666
8 changed files with 135 additions and 0 deletions
--- a/java/ql/src/semmle/code/java/dataflow/FlowSources.qll
+++ b/java/ql/src/semmle/code/java/dataflow/FlowSources.qll
@@ -108,6 +108,7 @@ private class MessageBodyReaderParameterSource extends RemoteFlowSource {
  override string getSourceType() { result = "MessageBodyReader parameter" }
 }

+<<<<<<< HEAD
 private class SpringMultipartRequestSource extends RemoteFlowSource {
  SpringMultipartRequestSource() {
    exists(MethodAccess ma, Method m |
@@ -124,6 +125,11 @@ private class SpringMultipartRequestSource extends RemoteFlowSource {
  override string getSourceType() { result = "Spring MultipartRequest getter" }
 }

+class PlayParameterSource extends RemoteFlowSource {
+  PlayParameterSource() {
+    exists(PlayActionMethodQueryParameter p | p = this.asParameter()) or
+    exists(PlayMVCHTTPRequestHeaderMethods m | m.getQueryString().getAnArgument() = this.asExpr())
+=======
 class PlayParameterSource extends RemoteFlowSource {
  PlayParameterSource() {
    exists(PlayActionQueryParameter p | p = this.asParameter())
@@ -131,6 +137,7 @@ class PlayParameterSource extends RemoteFlowSource {
    exists(PlayHTTPRequestHeaderMethods m |
      m.hasName("getQueryString") and m.getAParameter() = this.asParameter()
    )
+>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8
  }

  override string getSourceType() { result = "Play Query Parameters" }
@@ -279,10 +286,17 @@ private class RemoteTaintedMethod extends Method {
  }
 }

+<<<<<<< HEAD
+private class PlayRequestGetMethod extends Method {
+  PlayRequestGetMethod() {
+    this.getDeclaringType() instanceof PlayMVCHTTPRequestHeader and
+    this.hasName(["header", "getHeader"])
+=======
 private class PlayRequestGetMethod extends PlayHTTPRequestHeaderMethods {
  PlayRequestGetMethod() {
    this.hasName("Header") or
    this.hasName("getQueryString")
+>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8
  }
 }

--- a/java/ql/src/semmle/code/java/frameworks/play/PlayAddCSRFToken.qll
+++ b/java/ql/src/semmle/code/java/frameworks/play/PlayAddCSRFToken.qll
@@ -1,10 +1,16 @@
 import java

 /**
+<<<<<<< HEAD
+ * Play Framework AddCSRFToken Annotation
+ *
+ * Documentation: https://www.playframework.com/documentation/2.8.x/JavaCsrf
+=======
 * Play Framework AddCSRFToken
 *
 * @description Gets the methods using AddCSRFToken annotation.
 * (https://www.playframework.com/documentation/2.6.x/JavaBodyParsers#Choosing-an-explicit-body-parser)
+>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8
 */
 class PlayAddCSRFTokenAnnotation extends Annotation {
  PlayAddCSRFTokenAnnotation() {
--- a/java/ql/src/semmle/code/java/frameworks/play/PlayAsyncResult.qll
+++ b/java/ql/src/semmle/code/java/frameworks/play/PlayAsyncResult.qll
@@ -1,10 +1,16 @@
 import java

 /**
+<<<<<<< HEAD
+ * Play Framework Async Promise - Gets the Promise<Result> Generic Member/Type of (play.libs.F)
+ *
+ * Documentation: https://www.playframework.com/documentation/2.5.1/api/java/play/libs/F.Promise.html
+=======
 * Play Framework Async Promise of Generic Result
 *
 * @description Gets the Promise<Result> Generic Type of (play.libs.F), This is async in 2.6x and below.
 * (https://www.playframework.com/documentation/2.5.1/api/java/play/libs/F.Promise.html)
+>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8
 */
 class PlayAsyncResultPromise extends Member {
  PlayAsyncResultPromise() {
@@ -17,10 +23,16 @@ class PlayAsyncResultPromise extends Member {
 }

 /**
+<<<<<<< HEAD
+ * Play Framework Async Generic Result - Gets the CompletionStage<Result> Generic Type of (java.util.concurrent)
+ *
+ * Documentation: https://www.playframework.com/documentation/2.6.x/JavaAsync
+=======
 * Play Framework Async Generic Result extending generic promise API called CompletionStage.
 *
 * @description Gets the CompletionStage<Result> Generic Type of (java.util.concurrent)
 * (https://www.playframework.com/documentation/2.6.x/JavaAsync)
+>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8
 */
 class PlayAsyncResultCompletionStage extends Type {
  PlayAsyncResultCompletionStage() {
--- a/java/ql/src/semmle/code/java/frameworks/play/PlayBodyParser.qll
+++ b/java/ql/src/semmle/code/java/frameworks/play/PlayBodyParser.qll
@@ -1,10 +1,16 @@
 import java

 /**
+<<<<<<< HEAD
+ * Play Framework Explicit Body Parser Annotation
+ *
+ * Documentation: https://www.playframework.com/documentation/2.8.x/JavaBodyParsers#Choosing-an-explicit-body-parser
+=======
 * Play Framework Explicit Body Parser
 *
 * @description Gets the methods using the explicit body parser annotation. The methods are usually controller action methods
 * (https://www.playframework.com/documentation/2.8.x/JavaBodyParsers#Choosing-an-explicit-body-parser)
+>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8
 */
 class PlayBodyParserAnnotation extends Annotation {
  PlayBodyParserAnnotation() { this.getType().hasQualifiedName("play.mvc", "BodyParser<>$Of") }
--- a/java/ql/src/semmle/code/java/frameworks/play/PlayController.qll
+++ b/java/ql/src/semmle/code/java/frameworks/play/PlayController.qll
@@ -4,17 +4,24 @@ import semmle.code.java.frameworks.play.PlayMVCResult

 /**
 * Play MVC Framework Controller
+<<<<<<< HEAD
+=======
 *
 * @description Gets the play.mvc.Controller class
+>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8
 */
 class PlayMVCControllerClass extends Class {
  PlayMVCControllerClass() { this.hasQualifiedName("play.mvc", "Controller") }
 }

 /**
+<<<<<<< HEAD
+ * Play Framework Controllers which extends/implements PlayMVCController recursively - Used to find all Controllers
+=======
 * Play Framework Controller which extends/implements
 *
 * @description Gets the classes which extends play.mvc.controller rescursively.
+>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8
 */
 class PlayController extends Class {
  PlayController() {
@@ -23,11 +30,32 @@ class PlayController extends Class {
 }

 /**
+<<<<<<< HEAD
+ * Play Framework Controller Action Methods - Mappings to route files
+ *
+ * Sample Route - `POST  /login  @com.linkedin.Application.login()`
+ *
+ * Example - class get's `index` & `login` as valid action methods.
+ * ```
+ * public class Application extends Controller {
+ *      public Result index(String username, String password) {
+ *        return ok("It works!");
+ *      }
+ *
+ *      public Result login() {
+ *        return ok("Log me In!");
+ *      }
+ *    }
+ * ```
+ *
+ * Documentation: https://www.playframework.com/documentation/2.8.x/JavaActions
+=======
 * Play Framework Controller Action Methods
 *
 * @description Gets the controller action methods defined against it.
 * (https://www.playframework.com/documentation/2.8.x/JavaActions)
 * @tip Checking for Public methods usually retrieves direct controller mapped methods defined in routes.
+>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8
 */
 class PlayControllerActionMethod extends Method {
  PlayControllerActionMethod() {
@@ -43,10 +71,26 @@ class PlayControllerActionMethod extends Method {
 }

 /**
+<<<<<<< HEAD
+ * Play Action-Method parameters. These are a source of user input
+ *
+ * Example - Class get's `username` & `password` as valid parameters
+ * ```
+ *  public class Application extends Controller {
+ *      public Result index(String username, String password) {
+ *        return ok("It works!");
+ *      }
+ *    }
+ * ```
+ */
+class PlayActionMethodQueryParameter extends Parameter {
+  PlayActionMethodQueryParameter() {
+=======
 * Play Action-Method parameters, these are essentially part of routes.
 */
 class PlayActionQueryParameter extends Parameter {
  PlayActionQueryParameter() {
+>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8
    exists(PlayControllerActionMethod a |
      a.isPublic() and
      this = a.getAParameter()
--- a/java/ql/src/semmle/code/java/frameworks/play/PlayHTTPRequestHeader.qll
+++ b/java/ql/src/semmle/code/java/frameworks/play/PlayHTTPRequestHeader.qll
@@ -1,15 +1,35 @@
 import java

 /**
+<<<<<<< HEAD
+ * Play MVC Framework HTTP Request Header Class
+=======
 * Play MVC Framework HTTP Request Header
 *
 * @description Member of play.mvc.HTTP. Gets the play.mvc.HTTP$RequestHeader class/interface
+>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8
 */
 class PlayMVCHTTPRequestHeader extends RefType {
  PlayMVCHTTPRequestHeader() { this.hasQualifiedName("play.mvc", "Http$RequestHeader") }
 }

 /**
+<<<<<<< HEAD
+ * Play Framework HTTPRequestHeader Methods - `headers`, `getQueryString`, `getHeader`
+ *
+ * Documentation: https://www.playframework.com/documentation/2.6.0/api/java/play/mvc/Http.RequestHeader.html
+ */
+class PlayMVCHTTPRequestHeaderMethods extends Method {
+  PlayMVCHTTPRequestHeaderMethods() { this.getDeclaringType() instanceof PlayMVCHTTPRequestHeader }
+
+  /**
+   * Gets all references to play.mvc.HTTP.RequestHeader `getQueryString` method
+   */
+  MethodAccess getQueryString() {
+    this.hasName("getQueryString") and result = this.getAReference()
+  }
+
+=======
 * Play Framework HTTP$RequestHeader Methods
 *
 * @description Gets the methods of play.mvc.HTTP$RequestHeader like - headers, getQueryString, getHeader, uri
@@ -17,4 +37,5 @@ class PlayMVCHTTPRequestHeader extends RefType {
 */
 class PlayHTTPRequestHeaderMethods extends Method {
  PlayHTTPRequestHeaderMethods() { this.getDeclaringType() instanceof PlayMVCHTTPRequestHeader }
+>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8
 }
--- a/java/ql/src/semmle/code/java/frameworks/play/PlayMVCResult.qll
+++ b/java/ql/src/semmle/code/java/frameworks/play/PlayMVCResult.qll
@@ -1,10 +1,14 @@
 import java

 /**
+<<<<<<< HEAD
+ * Play MVC Framework Result Class
+=======
 * Play MVC Framework Result
 *
 * @description Gets the play.mvc.Result class - Used to set a HTTP result with a status code, a set of HTTP headers and a body to be sent to the web client.
 * (https://www.playframework.com/documentation/2.8.x/JavaActions)
+>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8
 */
 class PlayMVCResultClass extends Class {
  PlayMVCResultClass() { this.hasQualifiedName("play.mvc", "Result") }
--- a/java/ql/src/semmle/code/java/frameworks/play/PlayMVCResults.qll
+++ b/java/ql/src/semmle/code/java/frameworks/play/PlayMVCResults.qll
@@ -1,16 +1,43 @@
 import java

 /**
+<<<<<<< HEAD
+ * Play MVC Framework Results Class
+ *
+ * Documentation: https://www.playframework.com/documentation/2.8.x/JavaActions
+=======
 * Play MVC Framework Results
 *
 * @description Gets the play.mvc.Results class - Helper utilities to generate results
 * (https://www.playframework.com/documentation/2.8.x/JavaActions)
+>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8
 */
 class PlayMVCResultsClass extends Class {
  PlayMVCResultsClass() { this.hasQualifiedName("play.mvc", "Results") }
 }

 /**
+<<<<<<< HEAD
+ * Play Framework mvc.Results Methods - `ok`, `status`, `redirect`
+ *
+ * Documentation: https://www.playframework.com/documentation/2.5.8/api/java/play/mvc/Results.html
+ */
+class PlayMVCResultsMethods extends Method {
+  PlayMVCResultsMethods() { this.getDeclaringType() instanceof PlayMVCResultsClass }
+
+  /**
+   * Gets all references to play.mvc.Results `ok` method
+   */
+  MethodAccess getAnOkAccess() {
+    this.hasName("ok") and result = this.getAReference()
+  }
+
+  /**
+   * Gets all references to play.mvc.Results `redirect` method
+   */
+  MethodAccess getARedirectAccess() {
+    this.hasName("redirect") and result = this.getAReference()
+=======
 * Play Framework mvc.Results Methods
 *
 * @description Gets the methods of play.mvc.Results like - ok, status, redirect etc.
@@ -31,5 +58,6 @@ class PlayHTTPResultsMethods extends Method {
   */
  MethodAccess redirect() {
    exists(MethodAccess ma | ma = this.getAReference() and this.hasName("redirect") | result = ma)
+>>>>>>> fa523e456f96493dcc08b819ad4bd620cca789b8
  }
 }