
Commit 1e32514

committed
Avoid using this for a non-extending supertype, and remove needless casts
1 parent d744cf9 commit 1e32514


1 file changed

+12
-12
lines changed

1 file changed

+12
-12
lines changed

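--- a/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll
@@ -64,20 +64,20 @@ private class FollowsSanitizingPrefix extends UnsafeUrlForwardSanitizer {
 */
 private class ExactStringPathMatchGuard extends UnsafeUrlForwardBarrierGuard instanceof MethodAccess {
 ExactStringPathMatchGuard() {
-this.getMethod().getDeclaringType() instanceof TypeString and
-this.getMethod().getName() = ["equals", "equalsIgnoreCase"]
+super.getMethod().getDeclaringType() instanceof TypeString and
+super.getMethod().getName() = ["equals", "equalsIgnoreCase"]
 }
 
 override predicate checks(Expr e, boolean branch) {
-e = this.(MethodAccess).getQualifier() and
+e = super.getQualifier() and
 branch = true
 }
 }
 
 private class AllowListGuard extends Guard instanceof MethodAccess {
 AllowListGuard() {
-(isStringPartialMatch(this.(MethodAccess)) or isPathPartialMatch(this.(MethodAccess))) and
-not isDisallowedWord(this.(MethodAccess).getAnArgument())
+(isStringPartialMatch(this) or isPathPartialMatch(this)) and
+not isDisallowedWord(super.getAnArgument())
 }
 
 Expr getCheckedExpr() { result = super.getQualifier() }
@@ -124,7 +124,7 @@ private class DotDotCheckBarrierGuard extends UnsafeUrlForwardBarrierGuard insta
 private class BlockListGuard extends Guard instanceof MethodAccess {
 BlockListGuard() {
 (isStringPartialMatch(this) or isPathPartialMatch(this)) and
-isDisallowedWord(this.getAnArgument())
+isDisallowedWord(super.getAnArgument())
 }
 
 Expr getCheckedExpr() { result = super.getQualifier() }
@@ -193,9 +193,9 @@ private class PathTraversalGuard extends Guard instanceof MethodAccess {
 Expr checked;
 
 PathTraversalGuard() {
-this.getMethod().getDeclaringType() instanceof TypeString and
-this.getMethod().hasName(["contains", "indexOf"]) and
-this.getAnArgument().(CompileTimeConstantExpr).getStringValue() = ".."
+super.getMethod().getDeclaringType() instanceof TypeString and
+super.getMethod().hasName(["contains", "indexOf"]) and
+super.getAnArgument().(CompileTimeConstantExpr).getStringValue() = ".."
 }
 
 Expr getCheckedExpr() { result = super.getQualifier() }
@@ -212,9 +212,9 @@ private class PathNormalizeSanitizer extends MethodAccess {
 /** A complementary guard that protects against double URL encoding, by looking for the literal `%`. */
 private class UrlEncodingGuard extends Guard instanceof MethodAccess {
 UrlEncodingGuard() {
-this.getMethod().getDeclaringType() instanceof TypeString and
-this.getMethod().hasName(["contains", "indexOf"]) and
-this.getAnArgument().(CompileTimeConstantExpr).getStringValue() = "%"
+super.getMethod().getDeclaringType() instanceof TypeString and
+super.getMethod().hasName(["contains", "indexOf"]) and
+super.getAnArgument().(CompileTimeConstantExpr).getStringValue() = "%"
 }
 
 Expr getCheckedExpr() { result = super.getQualifier() }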
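Review bot: ExactStringPathMatchGuard (new lines 67-68, with `checks` at 71-74) treats the qualifier of any `String.equals`/`equalsIgnoreCase` call as validated on the true branch without constraining the argument, so a comparison against another request-derived value would count as a barrier and could hide a genuinely unsafe forward. If the intent is an exact match against a fixed path, add a conjunct such as `super.getAnArgument() instanceof CompileTimeConstantExpr and` to the characteristic predicate, in line with how PathTraversalGuard and UrlEncodingGuard pin their arguments to compile-time literals. Because `checks` binds only `super.getQualifier()`, the constant-first form (a literal as qualifier, the path as argument) is presumably not recognised and would still be reported. Whether either case is handled elsewhere is not visible here, since the class's doc comment begins outside the hunk.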
