Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 43b4962

Browse files
Jami CogswellJami Cogswell
Jami Cogswell
authored and
Jami Cogswell
committed
Java: use new 'SimpleTypeSanitizer', and update some non-extending subtype relationships
1 parent 2708e53 commit 43b4962

1 file changed

Lines changed: 4 additions & 13 deletions

File tree

java/ql/lib/semmle/code/java/security/UrlForward.qll

Lines changed: 4 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ private import semmle.code.java.dataflow.FlowSources
66
private import semmle.code.java.dataflow.StringPrefixes
77
private import semmle.code.java.security.PathSanitizer
88
private import semmle.code.java.controlflow.Guards
9+
private import semmle.code.java.security.Sanitizers
910

1011
/** A URL forward sink. */
1112
abstract class UrlForwardSink extends DataFlow::Node { }
@@ -38,13 +39,7 @@ private class ForwardPrefix extends InterestingPrefix {
3839
/** A URL forward barrier. */
3940
abstract class UrlForwardBarrier extends DataFlow::Node { }
4041

41-
private class PrimitiveBarrier extends UrlForwardBarrier {
42-
PrimitiveBarrier() {
43-
this.getType() instanceof PrimitiveType or
44-
this.getType() instanceof BoxedType or
45-
this.getType() instanceof NumberType
46-
}
47-
}
42+
private class PrimitiveBarrier extends UrlForwardBarrier instanceof SimpleTypeSanitizer { }
4843

4944
// TODO: should this also take URL encoding/decoding into account?
5045
// TODO: and PathSanitization in general?
@@ -87,9 +82,7 @@ private class DefaultUrlDecodeCall extends UrlDecodeCall {
8782
// TODO: this can probably be named/designed better...
8883
abstract class RepeatedStmt extends Stmt { }
8984

90-
private class DefaultRepeatedStmt extends RepeatedStmt {
91-
DefaultRepeatedStmt() { this instanceof LoopStmt }
92-
}
85+
private class DefaultRepeatedStmt extends RepeatedStmt instanceof LoopStmt { }
9386

9487
abstract class CheckEncodingCall extends MethodCall { }
9588

@@ -111,9 +104,7 @@ private class RepeatedUrlDecodeCall extends MethodCall {
111104
}
112105
}
113106

114-
private class CheckEncodingGuard extends Guard instanceof MethodCall {
115-
CheckEncodingGuard() { this instanceof CheckEncodingCall }
116-
107+
private class CheckEncodingGuard extends Guard instanceof MethodCall, CheckEncodingCall {
117108
Expr getCheckedExpr() { result = this.(MethodCall).getQualifier() }
118109
}
119110

0 commit comments

Comments
 (0)