Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit e81d3ce

Browse files
p-p-
committed
Add type for java.net.URL
1 parent e1e03e3 commit e81d3ce

2 files changed

Lines changed: 6 additions & 2 deletions

File tree

java/ql/src/Security/CWE/CWE-036/OpenStream.ql

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ import semmle.code.java.dataflow.FlowSources
1212
import DataFlow::PathGraph
1313

1414
class URLConstructor extends ClassInstanceExpr {
15-
URLConstructor() { this.getConstructor().getDeclaringType().getQualifiedName() = "java.net.URL" }
15+
URLConstructor() { this.getConstructor().getDeclaringType() instanceof TypeUrl }
1616

1717
Expr stringArg() {
1818
// Query only in URL's that were constructed by calling the single parameter string constructor.
@@ -26,7 +26,7 @@ class URLConstructor extends ClassInstanceExpr {
2626

2727
class URLOpenStreamMethod extends Method {
2828
URLOpenStreamMethod() {
29-
this.getDeclaringType().getQualifiedName() = "java.net.URL" and
29+
this.getDeclaringType() instanceof TypeUrl and
3030
this.getName() = "openStream"
3131
}
3232
}

java/ql/src/semmle/code/java/frameworks/Networking.qll

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,10 @@ class TypeSocket extends RefType {
1212
TypeSocket() { hasQualifiedName("java.net", "Socket") }
1313
}
1414

15+
class TypeUrl extends RefType {
16+
TypeUrl() { hasQualifiedName("java.net", "URL") }
17+
}
18+
1519
class URLConnectionGetInputStreamMethod extends Method {
1620
URLConnectionGetInputStreamMethod() {
1721
getDeclaringType() instanceof TypeUrlConnection and

0 commit comments

Comments
 (0)