
Commit 86cf143

committed
Java: Convert ServletRequestGetBodyMethod to CSV based flow source
1 parent b05a904 commit 86cf143

2 files changed

Lines changed: 4 additions & 2 deletions


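--- a/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll
+++ b/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll
@@ -128,8 +128,11 @@ private predicate sourceModelCsv(string row) {
 "org.springframework.web.context.request;WebRequest;false;getParameter;;;ReturnValue;remote",
 "org.springframework.web.context.request;WebRequest;false;getParameterMap;;;ReturnValue;remote",
 "org.springframework.web.context.request;WebRequest;false;getParameterNames;;;ReturnValue;remote",
-"org.springframework.web.context.request;WebRequest;false;getParameterValues;;;ReturnValue;remote"
+"org.springframework.web.context.request;WebRequest;false;getParameterValues;;;ReturnValue;remote",
 // TODO consider org.springframework.web.context.request.WebRequest.getRemoteUser
+// ServletRequestGetBodyMethod
+"javax.servlet;ServletRequest;false;getInputStream;();;ReturnValue;remote",
+"javax.servlet;ServletRequest;false;getReader;();;ReturnValue;remote"
 ]
 }
 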
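Review bot: The two added rows for `getInputStream` and `getReader` set the subtypes column to `false`, so as I read the CSV format they name only the methods declared on `javax.servlet.ServletRequest`; whether that matches the reach of the `ServletRequestGetBodyMethod` disjunct removed from `RemoteTaintedMethod` cannot be confirmed from this page. If the old class also matched overrides in request wrappers or other implementations, calls resolved to those overrides would stop being remote sources and every taint query built on them would silently lose results. It is worth checking against the class definition and, if overrides were covered, using `"javax.servlet;ServletRequest;true;getInputStream;();;ReturnValue;remote"` and the same for `getReader`. The marker comment would also read better as `// replaces ServletRequestGetBodyMethod (servlet request body)`; the `sourceModelCsv` predicate itself starts outside this hunk.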

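--- a/java/ql/src/semmle/code/java/dataflow/FlowSources.qll
+++ b/java/ql/src/semmle/code/java/dataflow/FlowSources.qll
@@ -216,7 +216,6 @@ private class RemoteTaintedMethod extends Method {
 RemoteTaintedMethod() {
 this instanceof PlayRequestGetMethod or
 this instanceof SpringRestTemplateResponseEntityMethod or
-this instanceof ServletRequestGetBodyMethod or
 this instanceof CookieGetValueMethod or
 this instanceof CookieGetNameMethod or
 this instanceof CookieGetCommentMethod or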
