Java: Convert SpringRestTemplateResponseEntityMethod to CSV based flow source

tamasvajk · tamasvajk · commit 193458eb3db4 · 2021-03-09T11:49:59.000+01:00
diff --git a/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll
@@ -166,7 +166,11 @@ private predicate sourceModelCsv(string row) {
       // The current URL in a browser may be untrusted or uncontrolled.
       // WebViewGetUrlMethod
       "android.webkit;WebView;false;getUrl;();;ReturnValue;remote",
-      "android.webkit;WebView;false;getOriginalUrl;();;ReturnValue;remote"
+      "android.webkit;WebView;false;getOriginalUrl;();;ReturnValue;remote",
+      // SpringRestTemplateResponseEntityMethod
+      "org.springframework.web.client;RestTemplate;false;exchange;;;ReturnValue;remote",
+      "org.springframework.web.client;RestTemplate;false;getForEntity;;;ReturnValue;remote",
+      "org.springframework.web.client;RestTemplate;false;postForEntity;;;ReturnValue;remote"
     ]
 }
 
diff --git a/java/ql/src/semmle/code/java/dataflow/FlowSources.qll b/java/ql/src/semmle/code/java/dataflow/FlowSources.qll
@@ -213,10 +213,7 @@ class DatabaseInput extends LocalUserInput {
 }
 
 private class RemoteTaintedMethod extends Method {
-  RemoteTaintedMethod() {
-    this instanceof PlayRequestGetMethod or
-    this instanceof SpringRestTemplateResponseEntityMethod
-  }
+  RemoteTaintedMethod() { this instanceof PlayRequestGetMethod }
 }
 
 private class PlayRequestGetMethod extends Method {

Original file line number	Diff line number	Diff line change
`@@ -166,7 +166,11 @@ private predicate sourceModelCsv(string row) {`
`166`	`166`	`// The current URL in a browser may be untrusted or uncontrolled.`
`167`	`167`	`// WebViewGetUrlMethod`
`168`	`168`	`"android.webkit;WebView;false;getUrl;();;ReturnValue;remote",`
`169`		`- "android.webkit;WebView;false;getOriginalUrl;();;ReturnValue;remote"`
	`169`	`+ "android.webkit;WebView;false;getOriginalUrl;();;ReturnValue;remote",`
	`170`	`+ // SpringRestTemplateResponseEntityMethod`
	`171`	`+ "org.springframework.web.client;RestTemplate;false;exchange;;;ReturnValue;remote",`
	`172`	`+ "org.springframework.web.client;RestTemplate;false;getForEntity;;;ReturnValue;remote",`
	`173`	`+ "org.springframework.web.client;RestTemplate;false;postForEntity;;;ReturnValue;remote"`
`170`	`174`	`]`
`171`	`175`	`}`
`172`	`176`
Original file line number	Diff line number	Diff line change
`@@ -213,10 +213,7 @@ class DatabaseInput extends LocalUserInput {`
`213`	`213`	`}`
`214`	`214`
`215`	`215`	`private class RemoteTaintedMethod extends Method {`
`216`		`- RemoteTaintedMethod() {`
`217`		`- this instanceof PlayRequestGetMethod or`
`218`		`- this instanceof SpringRestTemplateResponseEntityMethod`
`219`		`- }`
	`216`	`+ RemoteTaintedMethod() { this instanceof PlayRequestGetMethod }`
`220`	`217`	`}`
`221`	`218`
`222`	`219`	`private class PlayRequestGetMethod extends Method {`