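--- a/experimental/Security/CWE/CWE-598/<file name not shown on page>
+++ b/experimental/Security/CWE/CWE-598/<file name not shown on page>
@@ -23,18 +23,13 @@ class SensitiveInfoExpr extends Expr {
  }
 }
 
- /** GET servlet method of `javax.servlet.http.Servlet` and subtypes. */
- private predicate isGetServletMethod ( Callable c ) {
- c .getDeclaringType ( ) instanceof ServletClass and
- c .getNumberOfParameters ( ) = 2 and
- c .getParameter ( 1 ) .getType ( ) instanceof ServletResponse and
- c .getName ( ) = "doGet"
- }
+ /** Holds if `c` is a call to some override of `HttpServlet.doGet`. */
+ private predicate isGetServletMethod ( Callable c ) { isServletMethod ( c , "doGet" ) }
 
 /** Sink of GET servlet requests. */
 class GetServletMethodSink extends DataFlow:: ExprNode {
  GetServletMethodSink ( ) {
-    exists ( Method m , MethodAccess ma | ma . getMethod ( ) = m |
+ exists ( MethodAccess ma |
  isGetServletMethod ( ma .getEnclosingCallable ( ) ) and
  ma .getAnArgument ( ) = this .getExpr ( )
  )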
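Review bot: The new comment on the rewritten `isGetServletMethod` describes `c` as "a call to some override of `HttpServlet.doGet`", but `c` is a `Callable` — the predicate holds for the `doGet` method declaration itself, and the sink then matches arguments of calls made inside that method via `ma.getEnclosingCallable()`. Suggest `/** Holds if \`c\` is a \`doGet\` method declared on a servlet class; see \`isServletMethod\`. */`; the same wording issue is in the `isServletMethod` comment added in the `semmle/code/java/frameworks` section. The new body also references `isServletMethod`, which this file does not define; it is presumably brought in by an existing import of the frameworks library, but that import is outside the hunk, so it is worth confirming it resolves. Note that the delegation also tightens the match slightly, since parameter 0 must now be a `ServletRequest`, which the removed version did not check.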
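--- a/semmle/code/java/frameworks/<file name not shown on page>
+++ b/semmle/code/java/frameworks/<file name not shown on page>
@@ -322,3 +322,12 @@ class ServletWebXMLListenerType extends RefType {
  // - `HttpSessionBindingListener`
  }
 }
+
+ /** Holds if `c` is a call to some override of methods of `HttpServlet`, for example `doGet` or `doPost`. */
+ predicate isServletMethod ( Callable c , string methodName ) {
+ c .getDeclaringType ( ) instanceof ServletClass and
+ c .getNumberOfParameters ( ) = 2 and
+ c .getParameter ( 0 ) .getType ( ) instanceof ServletRequest and
+ c .getParameter ( 1 ) .getType ( ) instanceof ServletResponse and
+ c .getName ( ) = methodName
+ }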
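Review bot: `isServletMethod` is documented as holding for "some override of methods of `HttpServlet`", but nothing in the body consults the override relation: it matches any two-parameter callable on a `ServletClass` with the given name and `ServletRequest`/`ServletResponse`-typed parameters, whether or not it actually overrides the `HttpServlet` method. Either reword the comment to state what is checked, e.g. `/** Holds if \`c\` is a method named \`methodName\` declared on a servlet class that takes a \`ServletRequest\` and a \`ServletResponse\`, for example \`doGet\` or \`doPost\`. */`, or add an explicit override check if that is the intended contract. Since the predicate is exported from the frameworks library without `private`, its comment is the contract other queries will rely on, so it should also say that `methodName` is compared exactly.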