Java: Fix incorrect annotation handling for SpringControllerRequestMappingGetMethod

Marcono1234 · smowton · commit e3c1b968305f · 2022-09-16T15:49:16.000+01:00
diff --git a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
@@ -47,8 +47,8 @@ class SpringControllerRequestMappingGetMethod extends SpringControllerGetMethod
         .getType()
         .hasQualifiedName("org.springframework.web.bind.annotation", "RequestMapping") and
     (
-      this.getAnAnnotation().getEnumConstantValue("method").getName() = "GET" or
-      this.getAnAnnotation().getValue("method").(ArrayInit).getSize() = 0 //Java code example: @RequestMapping(value = "test")
+      this.getAnAnnotation().getAnEnumConstantArrayValue("method").getName() = "GET" or
+      not exists(this.getAnAnnotation().getAnArrayValue("method")) //Java code example: @RequestMapping(value = "test")
     ) and
     not this.getAParamType().getName() = "MultipartFile"
   }

Original file line number	Diff line number	Diff line change
`@@ -47,8 +47,8 @@ class SpringControllerRequestMappingGetMethod extends SpringControllerGetMethod`
`47`	`47`	`.getType()`
`48`	`48`	`.hasQualifiedName("org.springframework.web.bind.annotation", "RequestMapping") and`
`49`	`49`	`(`
`50`		`- this.getAnAnnotation().getEnumConstantValue("method").getName() = "GET" or`
`51`		`- this.getAnAnnotation().getValue("method").(ArrayInit).getSize() = 0 //Java code example: @RequestMapping(value = "test")`
	`50`	`+ this.getAnAnnotation().getAnEnumConstantArrayValue("method").getName() = "GET" or`
	`51`	`+ not exists(this.getAnAnnotation().getAnArrayValue("method")) //Java code example: @RequestMapping(value = "test")`
`52`	`52`	`) and`
`53`	`53`	`not this.getAParamType().getName() = "MultipartFile"`
`54`	`54`	`}`