Java: Promote models for CWE-625.

michaelnebel · michaelnebel · commit a802700a81fc · 2024-11-22T13:09:03.000+01:00
diff --git a/java/ext/experimental/javax.servlet.http.model.yml b/java/ext/experimental/javax.servlet.http.model.yml
diff --git a/java/ext/manual/javax.servlet.http.model.yml b/java/ext/manual/javax.servlet.http.model.yml
@@ -0,0 +1,10 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["javax.servlet.http", "HttpServletRequest", False, "getPathInfo", "()", "", "ReturnValue", "uri-path", "manual"] #permissive-dot-regex-query
+      - ["javax.servlet.http", "HttpServletRequest", False, "getPathTranslated", "()", "", "ReturnValue", "uri-path", "manual"] #permissive-dot-regex-query
+      - ["javax.servlet.http", "HttpServletRequest", False, "getRequestURI", "()", "", "ReturnValue", "uri-path", "manual"] #permissive-dot-regex-query
+      - ["javax.servlet.http", "HttpServletRequest", False, "getRequestURL", "()", "", "ReturnValue", "uri-path", "manual"] #permissive-dot-regex-query
+      - ["javax.servlet.http", "HttpServletRequest", False, "getServletPath", "()", "", "ReturnValue", "uri-path", "manual"] #permissive-dot-regex-query
diff --git a/java/src/security/CWE-625/PermissiveDotRegexQuery.qll b/java/src/security/CWE-625/PermissiveDotRegexQuery.qll
@@ -8,10 +8,6 @@ import semmle.code.java.controlflow.Guards
 import semmle.code.java.security.UrlRedirect
 import Regex
 
-private class ActivateModels extends ActiveExperimentalModels {
-  ActivateModels() { this = "permissive-dot-regex-query" }
-}
-
 /** A string that ends with `.*` not prefixed with `\`. */
 private class PermissiveDotStr extends StringLiteral {
   PermissiveDotStr() {
