

Commit d31711b

committed
merge all new flow sources into one by extending the current abstract class
1 parent f1324a4 commit d31711b

2 files changed

Lines changed: 15 additions & 16 deletions

File tree

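--- a/java/ql/src/experimental/Security/CWE/CWE-522-DecompressionBombs/DecompressionBomb.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-522-DecompressionBombs/DecompressionBomb.ql
@@ -1,6 +1,6 @@
 /**
 * @name Uncontrolled file decompression
-* @description Uncontrolled data that flows into decompression library APIs without checking the compression rate is dangerous
+* @description Decompressing user-controlled files without checking the compression ratio may allow attackers to perform denial-of-service attacks.
 * @kind path-problem
 * @problem.severity error
 * @security-severity 7.8
@@ -20,13 +20,7 @@ module DecompressionBombsConfig implements DataFlow::StateConfigSig {
 class FlowState = DecompressionState;
 
 predicate isSource(DataFlow::Node source, FlowState state) {
-(
-source instanceof RemoteFlowSource
-or
-source instanceof FormRemoteFlowSource
-or
-source instanceof FileUploadRemoteFlowSource
-) and
+source instanceof RemoteFlowSource and
 (
 state instanceof ZipFile
 or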
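Review bot: After this change nothing in the query body names the multipart/file-upload sources any more — `isSource` is reduced to `source instanceof RemoteFlowSource and`, so `ServletFileUpload.parseRequest` and `Part` results only count as sources while `FileAndFormRemoteSource.qll` is still imported, and that import (like the rest of `isSource`, which continues past the hunk) is outside what is shown here. A one-line comment above the new line would keep that dependency visible to the next maintainer, e.g. `// Multipart/file-upload sources are contributed as RemoteFlowSource subclasses by FileAndFormRemoteSource.qll`. Separately, the new `@description` frames the issue as denial of service via an unchecked compression ratio, which is CWE-409 (Improper Handling of Highly Compressed Data), while the query sits under `CWE-522` (Insufficiently Protected Credentials); that looks like a mismatch worth resolving before the query leaves `experimental`.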

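--- a/java/ql/src/experimental/semmle/code/java/security/FileAndFormRemoteSource.qll
+++ b/java/ql/src/experimental/semmle/code/java/security/FileAndFormRemoteSource.qll
@@ -1,9 +1,6 @@
 import java
 import semmle.code.java.dataflow.DataFlow
-
-abstract class FormRemoteFlowSource extends DataFlow::Node { }
-
-abstract class FileUploadRemoteFlowSource extends DataFlow::Node { }
+import semmle.code.java.dataflow.FlowSources
 
 class CommonsFileUploadAdditionalTaintStep extends Unit {
 abstract predicate step(DataFlow::Node n1, DataFlow::Node n2);
@@ -30,17 +27,19 @@ module ApacheCommonsFileUpload {
 }
 }
 
-class ServletFileUpload extends FileUploadRemoteFlowSource {
+class ServletFileUpload extends RemoteFlowSource {
 ServletFileUpload() {
 exists(MethodAccess ma |
 ma.getReceiverType() instanceof TypeServletFileUpload and
 ma.getCallee().hasName(["parseRequest"]) and
 this.asExpr() = ma
 )
 }
+
+override string getSourceType() { result = "Apache Commons Fileupload" }
 }
 
-private class FileItemRemoteSource extends FileUploadRemoteFlowSource {
+private class FileItemRemoteSource extends RemoteFlowSource {
 FileItemRemoteSource() {
 exists(MethodAccess ma |
 ma.getReceiverType() instanceof TypeFileUpload and
@@ -51,16 +50,20 @@ module ApacheCommonsFileUpload {
 this.asExpr() = ma
 )
 }
+
+override string getSourceType() { result = "Apache Commons Fileupload" }
 }
 
-private class FileItemStreamRemoteSource extends FileUploadRemoteFlowSource {
+private class FileItemStreamRemoteSource extends RemoteFlowSource {
 FileItemStreamRemoteSource() {
 exists(MethodAccess ma |
 ma.getReceiverType() instanceof TypeFileItemStream and
 ma.getCallee().hasName(["getContentType", "getFieldName", "getName", "openStream"]) and
 this.asExpr() = ma
 )
 }
+
+override string getSourceType() { result = "Apache Commons Fileupload" }
 }
 }
 
@@ -98,7 +101,7 @@ module ServletRemoteMultiPartSources {
 TypePart() { this.hasQualifiedName(["javax.servlet.http", "jakarta.servlet.http"], "Part") }
 }
 
-private class ServletPartCalls extends FormRemoteFlowSource {
+private class ServletPartCalls extends RemoteFlowSource {
 ServletPartCalls() {
 exists(MethodAccess ma |
 ma.getReceiverType() instanceof TypePart and
@@ -110,5 +113,7 @@ module ServletRemoteMultiPartSources {
 this.asExpr() = ma
 )
 }
+
+override string getSourceType() { result = "Javax Servlet Http" }
 }
 }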
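Review bot: The source type added in the last hunk, `override string getSourceType() { result = "Javax Servlet Http" }`, is wrong for half of what `ServletPartCalls` matches — `TypePart` accepts both `javax.servlet.http` and `jakarta.servlet.http` (the `hasQualifiedName` line in the previous hunk), so findings on Jakarta code will be labelled as javax; a package-neutral string such as `"Servlet multipart Part"` would fit both. The three identical `"Apache Commons Fileupload"` overrides in the middle hunks could likewise share one private predicate so the label cannot drift between the classes. `ServletFileUpload` is a public class and, unlike the `private` siblings, will be checked by the QLDoc lint; it has no doc comment, so something like `/** The result of `ServletFileUpload.parseRequest`, treated as remote user input. */` should go above it. Note that by extending `RemoteFlowSource` these nodes now become sources for every query that imports this library alongside `FlowSources`, not only the decompression-bomb query — presumably the intent of the commit, but worth stating in the file's module documentation since the library is experimental.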
