java/ql/src/experimental/Security/CWE/CWE-352
@@ -52,7 +52,7 @@ class RequestResponseFlowConfig extends TaintTracking::Configuration {
5252
5353 override predicate isSink ( DataFlow:: Node sink ) {
5454 sink instanceof XssSink and
55- any ( RequestGetMethod m ) .polyCalls * ( source .getEnclosingCallable ( ) )
55+ any ( RequestGetMethod m ) .polyCalls * ( sink .getEnclosingCallable ( ) )
5656 }
5757
5858 override predicate isAdditionalTaintStep ( DataFlow:: Node pred , DataFlow:: Node succ ) {
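Review bot: The reachability condition in `isSink` has no comment saying why a sink must sit in a callable reachable from a `RequestGetMethod`, and the variable mix-up this commit corrects suggests the intent was easy to misread. I would add above the second conjunct `// keep only sinks in code reachable (reflexively, via polyCalls*) from a GET request handler`. Because the restriction depends on call-graph edges, sinks reached only through dispatch that `polyCalls` does not model would presumably be dropped. A test case with the sink in a helper called from a GET handler would pin the behaviour; no test change is visible in these sections.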
@@ -77,10 +77,13 @@ class SpringControllerRequestMappingGetMethod extends SpringControllerGetMethod
7777 this .getAnAnnotation ( )
7878 .getType ( )
7979 .hasQualifiedName ( "org.springframework.web.bind.annotation" , "RequestMapping" ) and
80- this .getAnAnnotation ( ) .getValue ( "method" ) .toString ( ) .regexpMatch ( "RequestMethod.GET|\\{...\\}" ) and
80+ (
81+ this .getAnAnnotation ( ) .getValue ( "method" ) .( VarAccess ) .getVariable ( ) .getName ( ) = "GET" or
82+ this .getAnAnnotation ( ) .getValue ( "method" ) .( ArrayInit ) .getSize ( ) = 0 //Java code example: @RequestMapping(value = "test")
83+ ) and
8184 not exists ( MethodAccess ma |
8285 ma .getMethod ( ) instanceof ServletRequestGetBodyMethod and
83- this = getACallingCallableOrSelf ( ma .getEnclosingCallable ( ) )
86+ any ( this ) . polyCalls * ( ma .getEnclosingCallable ( ) )
8487 ) and
8588 not this .getAParamType ( ) .getName ( ) = "MultipartFile"
8689 }
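Review bot: The new disjunction on the `method` value accepts only a bare `GET` constant or an empty array, so a handler declared with a non-empty array such as `@RequestMapping(method = {RequestMethod.GET})`, which the old `\\{...\\}` pattern did match, now appears to fall outside the class and its responses go unanalysed. Adding a disjunct like `this.getAnAnnotation().getValue("method").(ArrayInit).getAnInit().(VarAccess).getVariable().getName() = "GET" or` would keep those handlers in scope. Each conjunct also calls `this.getAnAnnotation()` afresh, so the `method` value is not tied to the annotation whose type was checked as `RequestMapping`; binding it once with `exists(Annotation a | a = this.getAnAnnotation() and ...)` would fix that. `any(this).polyCalls*(...)` can be written `this.polyCalls*(...)`. The characteristic predicate begins above the hunk, so this is based on the visible lines only.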