Add URL redirect sinks relating to JAX-WS

smowton · owen-mc · commit adb5764aacd9 · 2021-06-08T15:12:02.000+01:00
diff --git a/java/ql/src/semmle/code/java/security/UrlRedirect.qll b/java/ql/src/semmle/code/java/security/UrlRedirect.qll
@@ -35,3 +35,17 @@ private class ApacheUrlRedirectSink extends UrlRedirectSink {
     )
   }
 }
+
+/** A URL redirection sink from JAX-WS */
+private class JaxWsUrlRedirectSink extends UrlRedirectSink {
+  JaxWsUrlRedirectSink() {
+    exists(MethodAccess ma |
+      ma.getMethod()
+          .getDeclaringType()
+          .getAnAncestor()
+          .hasQualifiedName("javax.ws.rs.core", "Response") and
+      ma.getMethod().getName() in ["seeOther", "temporaryRedirect"] and
+      this.asExpr() = ma.getArgument(0)
+    )
+  }
+}

Original file line number	Diff line number	Diff line change
`@@ -35,3 +35,17 @@ private class ApacheUrlRedirectSink extends UrlRedirectSink {`
`35`	`35`	`)`
`36`	`36`	`}`
`37`	`37`	`}`
	`38`	`+`
	`39`	`+/** A URL redirection sink from JAX-WS */`
	`40`	`+private class JaxWsUrlRedirectSink extends UrlRedirectSink {`
	`41`	`+ JaxWsUrlRedirectSink() {`
	`42`	`+ exists(MethodAccess ma \|`
	`43`	`+ ma.getMethod()`
	`44`	`+ .getDeclaringType()`
	`45`	`+ .getAnAncestor()`
	`46`	`+ .hasQualifiedName("javax.ws.rs.core", "Response") and`
	`47`	`+ ma.getMethod().getName() in ["seeOther", "temporaryRedirect"] and`
	`48`	`+ this.asExpr() = ma.getArgument(0)`
	`49`	`+ )`
	`50`	`+ }`
	`51`	`+}`