Rename TrustedSource to SafeHeaderSplittingSource

2026-04-29 18:55:14 +02:00 · 2020-07-09 14:36:23 +02:00
parent 5f560e0465
commit fed506a12f
3 changed files with 4 additions and 4 deletions
--- a/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql
+++ b/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql
@@ -19,7 +19,7 @@ class ResponseSplittingConfig extends TaintTracking::Configuration {

  override predicate isSource(DataFlow::Node source) {
    source instanceof RemoteFlowSource and
-    not source instanceof TrustedSource
+    not source instanceof SafeHeaderSplittingSource
  }

  override predicate isSink(DataFlow::Node sink) { sink instanceof HeaderSplittingSink }
--- a/java/ql/src/Security/CWE/CWE-113/ServletResponseSplitting.qll
+++ b/java/ql/src/Security/CWE/CWE-113/ServletResponseSplitting.qll
@@ -31,8 +31,8 @@ class ServletHeaderSplittingSink extends HeaderSplittingSink {
  }
 }

-class TrustedServletSource extends TrustedSource {
-  TrustedServletSource() {
+class ServletSafeHeaderSplittingSource extends SafeHeaderSplittingSource {
+  ServletSafeHeaderSplittingSource() {
    this.asExpr().(MethodAccess).getMethod() instanceof HttpServletRequestGetHeaderMethod or
    this.asExpr().(MethodAccess).getMethod() instanceof CookieGetNameMethod
  }
--- a/java/ql/src/semmle/code/java/security/ResponseSplitting.qll
+++ b/java/ql/src/semmle/code/java/security/ResponseSplitting.qll
@@ -8,4 +8,4 @@ abstract class HeaderSplittingSink extends DataFlow::ExprNode { }
 /**
 * Sources that cannot be used to perform a header splitting attack.
 */
-abstract class TrustedSource extends DataFlow::ExprNode { }
+abstract class SafeHeaderSplittingSource extends DataFlow::ExprNode { }