Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit e2cfea1

Browse files
egregius313egregius313
committed
Add UnsafeUrlForward
1 parent d48adbd commit e2cfea1

1 file changed

Lines changed: 11 additions & 13 deletions

File tree

java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql

Lines changed: 11 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -17,12 +17,10 @@ import semmle.code.java.dataflow.FlowSources
1717
import semmle.code.java.dataflow.TaintTracking
1818
import experimental.semmle.code.java.frameworks.Jsf
1919
import semmle.code.java.security.PathSanitizer
20-
import DataFlow::PathGraph
20+
import UnsafeUrlForwardFlow::PathGraph
2121

22-
class UnsafeUrlForwardFlowConfig extends TaintTracking::Configuration {
23-
UnsafeUrlForwardFlowConfig() { this = "UnsafeUrlForwardFlowConfig" }
24-
25-
override predicate isSource(DataFlow::Node source) {
22+
module UnsafeUrlForwardFlowConfig implements DataFlow::ConfigSig {
23+
predicate isSource(DataFlow::Node source) {
2624
source instanceof RemoteFlowSource and
2725
not exists(MethodAccess ma, Method m | ma.getMethod() = m |
2826
(
@@ -34,18 +32,16 @@ class UnsafeUrlForwardFlowConfig extends TaintTracking::Configuration {
3432
)
3533
}
3634

37-
override predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeUrlForwardSink }
35+
predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeUrlForwardSink }
3836

39-
override predicate isSanitizer(DataFlow::Node node) {
37+
predicate isBarrier(DataFlow::Node node) {
4038
node instanceof UnsafeUrlForwardSanitizer or
4139
node instanceof PathInjectionSanitizer
4240
}
4341

44-
override DataFlow::FlowFeature getAFeature() {
45-
result instanceof DataFlow::FeatureHasSourceCallContext
46-
}
42+
DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext }
4743

48-
override predicate isAdditionalTaintStep(DataFlow::Node prev, DataFlow::Node succ) {
44+
predicate isAdditionalFlowStep(DataFlow::Node prev, DataFlow::Node succ) {
4945
exists(MethodAccess ma |
5046
(
5147
ma.getMethod() instanceof GetServletResourceMethod or
@@ -60,7 +56,9 @@ class UnsafeUrlForwardFlowConfig extends TaintTracking::Configuration {
6056
}
6157
}
6258

63-
from DataFlow::PathNode source, DataFlow::PathNode sink, UnsafeUrlForwardFlowConfig conf
64-
where conf.hasFlowPath(source, sink)
59+
module UnsafeUrlForwardFlow = TaintTracking::Global<UnsafeUrlForwardFlowConfig>;
60+
61+
from UnsafeUrlForwardFlow::PathNode source, UnsafeUrlForwardFlow::PathNode sink
62+
where UnsafeUrlForwardFlow::flowPath(source, sink)
6563
select sink.getNode(), source, sink, "Potentially untrusted URL forward due to $@.",
6664
source.getNode(), "user-provided value"

0 commit comments

Comments
 (0)