Use isRequestGetParamMethod as the source
@@ -25,12 +25,29 @@ class SensitiveInfoExpr extends Expr {
|
||||
/** Holds if `m` is a method of some override of `HttpServlet.doGet`. */
|
||||
private predicate isGetServletMethod(Method m) { isServletMethod(m) and m.getName() = "doGet" }
|
||||
|
||||
/** The `doGet` method of `HttpServlet`. */
|
||||
class DoGetServletMethod extends Method {
|
||||
DoGetServletMethod() { isGetServletMethod(this) }
|
||||
}
|
||||
|
||||
/** Holds if `ma` is called from the `doGet` method of `HttpServlet`. */
|
||||
predicate isServletGetCall(MethodAccess ma) {
|
||||
ma.getEnclosingCallable() instanceof DoGetServletMethod
|
||||
or
|
||||
exists(Method pm, MethodAccess pma |
|
||||
ma.getEnclosingCallable() = pm and
|
||||
pma.getMethod() = pm and
|
||||
isServletGetCall(pma)
|
||||
)
|
||||
}
|
||||
|
||||
/** Source of GET servlet requests. */
|
||||
class GetHttpRequestSource extends DataFlow::ExprNode {
|
||||
GetHttpRequestSource() {
|
||||
exists(Method m |
|
||||
isGetServletMethod(m) and
|
||||
m.getParameter(0).getAnAccess() = this.asExpr()
|
||||
class RequestGetParamSource extends DataFlow::ExprNode {
|
||||
RequestGetParamSource() {
|
||||
exists(MethodAccess ma |
|
||||
isRequestGetParamMethod(ma) and
|
||||
ma = this.asExpr() and
|
||||
isServletGetCall(ma)
|
||||
)
|
||||
}
|
||||
}
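Review bot: `isServletGetCall` (L34–L58) is transitive — its recursive `exists(Method pm, MethodAccess pma | …)` case accepts any call inside a method that is itself called, directly or through further callers, from a `doGet` override — but the doc comment on L31 says only "called from the `doGet` method", which reads as a direct check; I would write `/** Holds if `ma` is in a `doGet` override of `HttpServlet`, or in a method reachable from one through a chain of calls. */`, and likewise change the `DoGetServletMethod` comment on L17 to "An override of `HttpServlet.doGet`", since `isGetServletMethod` on L9 is documented as matching overrides. The caller link `pma.getMethod() = pm` on L49 resolves the callee statically, so when `doGet` calls a helper through a supertype declaration and the `getParameter` call lives in an override of that helper, the override is presumably not reached — worth confirming against the tests or switching to an override-aware relation. The recursive case also does not require that the request object used at `pma` is the one handed to `doGet`; if that wider scope is intended, a one-line comment saying so, e.g. `// any request-parameter read reachable from doGet counts, regardless of where the request came from`, would stop the next reader from treating it as an oversight.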
|
||||
@@ -39,14 +56,14 @@ class GetHttpRequestSource extends DataFlow::ExprNode {
|
||||
class SensitiveGetQueryConfiguration extends TaintTracking::Configuration {
|
||||
SensitiveGetQueryConfiguration() { this = "SensitiveGetQueryConfiguration" }
|
||||
|
||||
override predicate isSource(DataFlow::Node source) { source instanceof GetHttpRequestSource }
|
||||
override predicate isSource(DataFlow::Node source) { source instanceof RequestGetParamSource }
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof SensitiveInfoExpr }
|
||||
|
||||
override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
exists(MethodAccess ma |
|
||||
isRequestGetParamMethod(ma) and pred.asExpr() = ma.getQualifier() and succ.asExpr() = ma
|
||||
)
|
||||
/** Holds if the node is in a servlet method other than `doGet`. */
|
||||
override predicate isSanitizer(DataFlow::Node node) {
|
||||
isServletMethod(node.getEnclosingCallable()) and
|
||||
not isGetServletMethod(node.getEnclosingCallable())
|
||||
}
|
||||
}
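Review bot: Now that the source is the `getParameter`-style call expression itself (L122), the additional taint step on L138 from `ma.getQualifier()` to `ma` can only fire when the request object is already tainted, and after this change nothing in the configuration taints it (the old request-parameter source is gone), so the step appears to be dead unless `isRequestGetParamMethod`, defined outside this hunk, also matches methods on the values these calls return; either remove it or add a comment naming the case it still serves, e.g. `// propagate taint from a request object that was tainted upstream`. The closing brace of `isAdditionalTaintStep` is not visible in the hunk, so I am assuming it ends just before the `isSanitizer` comment on L144. The `isSanitizer` on L147–L156 is sound with the transitive source: a `getParameter` call in a helper shared by `doGet` and `doPost` is a source, and any node that then lands in `doPost` is sanitized because its enclosing callable is a non-`doGet` servlet method — a short note to that effect on L144 would make the interplay explicit.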
|
||||
|
||||
|
||||
@@ -1,41 +1,33 @@
|
||||
edges
|
||||
| SensitiveGetQuery2.java:12:13:12:19 | request : HttpServletRequest | SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object |
|
||||
| SensitiveGetQuery2.java:12:13:12:37 | getParameterMap(...) : Map | SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object |
|
||||
| SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object | SensitiveGetQuery2.java:15:29:15:36 | password |
|
||||
| SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object | SensitiveGetQuery2.java:15:29:15:36 | password : Object |
|
||||
| SensitiveGetQuery2.java:15:29:15:36 | password : Object | SensitiveGetQuery2.java:18:40:18:54 | password : Object |
|
||||
| SensitiveGetQuery2.java:18:40:18:54 | password : Object | SensitiveGetQuery2.java:19:61:19:68 | password |
|
||||
| SensitiveGetQuery3.java:11:41:11:47 | request : HttpServletRequest | SensitiveGetQuery3.java:12:41:12:47 | request : HttpServletRequest |
|
||||
| SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) : String | SensitiveGetQuery3.java:13:57:13:64 | password |
|
||||
| SensitiveGetQuery3.java:12:41:12:47 | request : HttpServletRequest | SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) : String |
|
||||
| SensitiveGetQuery.java:11:21:11:27 | request : HttpServletRequest | SensitiveGetQuery.java:14:29:14:36 | password |
|
||||
| SensitiveGetQuery.java:11:21:11:27 | request : HttpServletRequest | SensitiveGetQuery.java:14:29:14:36 | password : String |
|
||||
| SensitiveGetQuery.java:12:21:12:27 | request : HttpServletRequest | SensitiveGetQuery.java:14:29:14:36 | password |
|
||||
| SensitiveGetQuery.java:12:21:12:27 | request : HttpServletRequest | SensitiveGetQuery.java:14:29:14:36 | password : String |
|
||||
| SensitiveGetQuery3.java:17:10:17:40 | getParameter(...) : String | SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) : String |
|
||||
| SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String | SensitiveGetQuery.java:14:29:14:36 | password |
|
||||
| SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String | SensitiveGetQuery.java:14:29:14:36 | password : String |
|
||||
| SensitiveGetQuery.java:14:29:14:36 | password : String | SensitiveGetQuery.java:17:40:17:54 | password : String |
|
||||
| SensitiveGetQuery.java:17:40:17:54 | password : String | SensitiveGetQuery.java:18:61:18:68 | password |
|
||||
nodes
|
||||
| SensitiveGetQuery2.java:12:13:12:19 | request : HttpServletRequest | semmle.label | request : HttpServletRequest |
|
||||
| SensitiveGetQuery2.java:12:13:12:37 | getParameterMap(...) : Map | semmle.label | getParameterMap(...) : Map |
|
||||
| SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object | semmle.label | (...)... : Object |
|
||||
| SensitiveGetQuery2.java:15:29:15:36 | password | semmle.label | password |
|
||||
| SensitiveGetQuery2.java:15:29:15:36 | password : Object | semmle.label | password : Object |
|
||||
| SensitiveGetQuery2.java:18:40:18:54 | password : Object | semmle.label | password : Object |
|
||||
| SensitiveGetQuery2.java:19:61:19:68 | password | semmle.label | password |
|
||||
| SensitiveGetQuery3.java:11:41:11:47 | request : HttpServletRequest | semmle.label | request : HttpServletRequest |
|
||||
| SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) : String | semmle.label | getRequestParameter(...) : String |
|
||||
| SensitiveGetQuery3.java:12:41:12:47 | request : HttpServletRequest | semmle.label | request : HttpServletRequest |
|
||||
| SensitiveGetQuery3.java:13:57:13:64 | password | semmle.label | password |
|
||||
| SensitiveGetQuery.java:11:21:11:27 | request : HttpServletRequest | semmle.label | request : HttpServletRequest |
|
||||
| SensitiveGetQuery.java:12:21:12:27 | request : HttpServletRequest | semmle.label | request : HttpServletRequest |
|
||||
| SensitiveGetQuery3.java:17:10:17:40 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| SensitiveGetQuery.java:14:29:14:36 | password | semmle.label | password |
|
||||
| SensitiveGetQuery.java:14:29:14:36 | password : String | semmle.label | password : String |
|
||||
| SensitiveGetQuery.java:17:40:17:54 | password : String | semmle.label | password : String |
|
||||
| SensitiveGetQuery.java:18:61:18:68 | password | semmle.label | password |
|
||||
#select
|
||||
| SensitiveGetQuery2.java:15:29:15:36 | password | SensitiveGetQuery2.java:12:13:12:19 | request : HttpServletRequest | SensitiveGetQuery2.java:15:29:15:36 | password | $@ uses the GET request method to transmit sensitive information. | SensitiveGetQuery2.java:12:13:12:19 | request | This request |
|
||||
| SensitiveGetQuery2.java:19:61:19:68 | password | SensitiveGetQuery2.java:12:13:12:19 | request : HttpServletRequest | SensitiveGetQuery2.java:19:61:19:68 | password | $@ uses the GET request method to transmit sensitive information. | SensitiveGetQuery2.java:12:13:12:19 | request | This request |
|
||||
| SensitiveGetQuery3.java:13:57:13:64 | password | SensitiveGetQuery3.java:11:41:11:47 | request : HttpServletRequest | SensitiveGetQuery3.java:13:57:13:64 | password | $@ uses the GET request method to transmit sensitive information. | SensitiveGetQuery3.java:11:41:11:47 | request | This request |
|
||||
| SensitiveGetQuery3.java:13:57:13:64 | password | SensitiveGetQuery3.java:12:41:12:47 | request : HttpServletRequest | SensitiveGetQuery3.java:13:57:13:64 | password | $@ uses the GET request method to transmit sensitive information. | SensitiveGetQuery3.java:12:41:12:47 | request | This request |
|
||||
| SensitiveGetQuery.java:14:29:14:36 | password | SensitiveGetQuery.java:11:21:11:27 | request : HttpServletRequest | SensitiveGetQuery.java:14:29:14:36 | password | $@ uses the GET request method to transmit sensitive information. | SensitiveGetQuery.java:11:21:11:27 | request | This request |
|
||||
| SensitiveGetQuery.java:14:29:14:36 | password | SensitiveGetQuery.java:12:21:12:27 | request : HttpServletRequest | SensitiveGetQuery.java:14:29:14:36 | password | $@ uses the GET request method to transmit sensitive information. | SensitiveGetQuery.java:12:21:12:27 | request | This request |
|
||||
| SensitiveGetQuery.java:18:61:18:68 | password | SensitiveGetQuery.java:11:21:11:27 | request : HttpServletRequest | SensitiveGetQuery.java:18:61:18:68 | password | $@ uses the GET request method to transmit sensitive information. | SensitiveGetQuery.java:11:21:11:27 | request | This request |
|
||||
| SensitiveGetQuery.java:18:61:18:68 | password | SensitiveGetQuery.java:12:21:12:27 | request : HttpServletRequest | SensitiveGetQuery.java:18:61:18:68 | password | $@ uses the GET request method to transmit sensitive information. | SensitiveGetQuery.java:12:21:12:27 | request | This request |
|
||||
| SensitiveGetQuery2.java:15:29:15:36 | password | SensitiveGetQuery2.java:12:13:12:37 | getParameterMap(...) : Map | SensitiveGetQuery2.java:15:29:15:36 | password | $@ uses the GET request method to transmit sensitive information. | SensitiveGetQuery2.java:12:13:12:37 | getParameterMap(...) | This request |
|
||||
| SensitiveGetQuery2.java:19:61:19:68 | password | SensitiveGetQuery2.java:12:13:12:37 | getParameterMap(...) : Map | SensitiveGetQuery2.java:19:61:19:68 | password | $@ uses the GET request method to transmit sensitive information. | SensitiveGetQuery2.java:12:13:12:37 | getParameterMap(...) | This request |
|
||||
| SensitiveGetQuery3.java:13:57:13:64 | password | SensitiveGetQuery3.java:17:10:17:40 | getParameter(...) : String | SensitiveGetQuery3.java:13:57:13:64 | password | $@ uses the GET request method to transmit sensitive information. | SensitiveGetQuery3.java:17:10:17:40 | getParameter(...) | This request |
|
||||
| SensitiveGetQuery.java:14:29:14:36 | password | SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String | SensitiveGetQuery.java:14:29:14:36 | password | $@ uses the GET request method to transmit sensitive information. | SensitiveGetQuery.java:12:21:12:52 | getParameter(...) | This request |
|
||||
| SensitiveGetQuery.java:18:61:18:68 | password | SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String | SensitiveGetQuery.java:18:61:18:68 | password | $@ uses the GET request method to transmit sensitive information. | SensitiveGetQuery.java:12:21:12:52 | getParameter(...) | This request |
|
||||
|
||||