Add support for Apache Commons Lang ArrayUtils
1 parent 66d0bf6 commit 0cf3a29

1 file changed

Lines changed: 40 additions & 9 deletions

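--- a/java/ql/src/semmle/code/java/frameworks/apache/<FILENAME-NOT-SHOWN-ON-PAGE>
+++ b/java/ql/src/semmle/code/java/frameworks/apache/<FILENAME-NOT-SHOWN-ON-PAGE>
@@ -1,27 +1,58 @@
 /** Definitions related to the Apache Commons Lang library. */
 
 import java
+private import semmle.code.java.dataflow.FlowSteps
 
-/*--- Types ---*/
-/** The class `org.apache.commons.lang.RandomStringUtils` or `org.apache.commons.lang3.RandomStringUtils`. */
+/**
+* The class `org.apache.commons.lang.RandomStringUtils` or `org.apache.commons.lang3.RandomStringUtils`.
+*/
 class TypeApacheRandomStringUtils extends Class {
 TypeApacheRandomStringUtils() {
-hasQualifiedName("org.apache.commons.lang", "RandomStringUtils") or
-hasQualifiedName("org.apache.commons.lang3", "RandomStringUtils")
+this.hasQualifiedName(["org.apache.commons.lang", "org.apache.commons.lang3"], "RandomStringUtils")
+}
+}
+
+/**
+* The class `org.apache.commons.lang.ArrayUtils` or `org.apache.commons.lang3.ArrayUtils`.
+*/
+class TypeApacheArrayUtils extends Class {
+TypeApacheArrayUtils() {
+hasQualifiedName(["org.apache.commons.lang", "org.apache.commons.lang3"], "ArrayUtils")
 }
 }
 
-/*--- Methods ---*/
 /**
 * The method `deserialize` in either `org.apache.commons.lang.SerializationUtils`
 * or `org.apache.commons.lang3.SerializationUtils`.
 */
 class MethodApacheSerializationUtilsDeserialize extends Method {
 MethodApacheSerializationUtilsDeserialize() {
-(
-this.getDeclaringType().hasQualifiedName("org.apache.commons.lang", "SerializationUtils") or
-this.getDeclaringType().hasQualifiedName("org.apache.commons.lang3", "SerializationUtils")
-) and
+this.getDeclaringType().hasQualifiedName(["org.apache.commons.lang", "org.apache.commons.lang3"], "SerializationUtils") and
 this.hasName("deserialize")
 }
 }
+
+/**
+* A taint preserving method on `org.apache.commons.lang.ArrayUtils` or `org.apache.commons.lang3.ArrayUtils`
+*/
+private class ApacheLangArrayUtilsTaintPreservingMethod extends TaintPreservingCallable {
+ApacheLangArrayUtilsTaintPreservingMethod() {
+this.getDeclaringType() instanceof TypeApacheArrayUtils
+}
+
+override predicate returnsTaintFrom(int src) {
+this.hasName(["addAll", "addFirst"]) and
+src = [0 .. getNumberOfParameters()]
+or
+this.hasName(["clone", "nullToEmpty", "remove", "removeAll", "removeElement", "removeElements", "reverse", "shift", "shuffle", "subarray", "swap", "toArray", "toMap", "toObject", "toPrimitive", "toString", "toStringArray"]) and
+src = 0
+or
+this.hasName("add") and
+this.getNumberOfParameters() = 2 and
+src = [0,1,2]
+or
+this.hasName("add") and
+this.getNumberOfParameters() = 3 and
+src = [0, 2]
+}
+}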
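Review bot: The parameter index ranges in the new `returnsTaintFrom` are off by one: QL ranges are inclusive and parameter indices run from 0 to `getNumberOfParameters() - 1`, so `src = [0 .. getNumberOfParameters()]` for `addAll`/`addFirst` and `src = [0,1,2]` for the two-parameter `add` each name an index with no parameter behind it; the intended lines are `src = [0 .. this.getNumberOfParameters() - 1]` and `src = [0, 1]`. The extra index is dead today, but it reads as a slip and will be copied the next time this list grows. Separately, `reverse`, `shift`, `shuffle` and `swap` reorder their array argument in place and return `void`, so listing them under `returnsTaintFrom` propagates nothing and the model silently drops taint at those calls, a false negative for any sink reached through the reordered array; if the `TaintPreservingCallable` in this version of `FlowSteps` also exposes `transfersTaint(int src, int sink)`, that is where these four belong, otherwise they should come out of the list. `ArrayUtils.toString(Object array, String stringIfNull)` likewise returns its second argument when the array is null, which `src = 0` alone does not cover.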
