hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-11 01:39:28 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
045e3a2cf39f39682dab8e5a20e4220ee3f04476
codeql/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll
Michael Nebel b3a3b676ba Java: Remove manual models from QL code.
2022-11-28 12:30:34 +01:00

29 lines
1.2 KiB
Plaintext
Raw Blame History

/** Provides classes to reason about header splitting attacks. */
import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.frameworks.Servlets
import semmle.code.java.frameworks.JaxWS
private import semmle.code.java.dataflow.ExternalFlow
/** A sink that is vulnerable to an HTTP header splitting attack. */
abstract class HeaderSplittingSink extends DataFlow::Node { }
private class DefaultHeaderSplittingSink extends HeaderSplittingSink {
DefaultHeaderSplittingSink() { sinkNode(this, "header-splitting") }
}
/** A source that introduces data considered safe to use by a header splitting source. */
abstract class SafeHeaderSplittingSource extends DataFlow::Node {
SafeHeaderSplittingSource() { this instanceof RemoteFlowSource }
}
/** A default source that introduces data considered safe to use by a header splitting source. */
private class DefaultSafeHeaderSplittingSource extends SafeHeaderSplittingSource {
DefaultSafeHeaderSplittingSource() {
this.asExpr().(MethodAccess).getMethod() instanceof HttpServletRequestGetHeaderMethod or
this.asExpr().(MethodAccess).getMethod() instanceof CookieGetNameMethod
}
}
Reference in New Issue View Git Blame Copy Permalink