Parameters annotated with Spring's @RequestBody and @PathVariable are remote input sources.

Sebastian Bauersfeld · Sebastian Bauersfeld · commit 2f200d75172d · 2019-04-17T18:02:00.000-04:00
diff --git a/java/ql/src/semmle/code/java/frameworks/SpringWeb.qll b/java/ql/src/semmle/code/java/frameworks/SpringWeb.qll
@@ -11,7 +11,9 @@ class SpringServletInputAnnotation extends Annotation {
       a.hasName("RequestParam") or
       a.hasName("RequestHeader") or
       a.hasName("CookieValue") or
-      a.hasName("RequestPart")
+      a.hasName("RequestPart") or
+      a.hasName("PathVariable") or
+      a.hasName("RequestBody")
     )
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,9 @@ class SpringServletInputAnnotation extends Annotation {`
`11`	`11`	`a.hasName("RequestParam") or`
`12`	`12`	`a.hasName("RequestHeader") or`
`13`	`13`	`a.hasName("CookieValue") or`
`14`		`- a.hasName("RequestPart")`
	`14`	`+ a.hasName("RequestPart") or`
	`15`	`+ a.hasName("PathVariable") or`
	`16`	`+ a.hasName("RequestBody")`
`15`	`17`	`)`
`16`	`18`	`}`
`17`	`19`	`}`