Commit 052452b

Jami CogswellJami Cogswell
authored andcommitted
Java: create UrlDecodeMethod
1 parent d220b3a commit 052452b

2 files changed

+15
-5
lines changed

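--- a/java/ql/lib/semmle/code/java/frameworks/Networking.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Networking.qll
@@ -24,6 +24,11 @@ class TypeUrl extends RefType {
 TypeUrl() { this.hasQualifiedName("java.net", "URL") }
 }
 
+/** The type `java.net.URLDecoder`. */
+class TypeUrlDecoder extends RefType {
+TypeUrlDecoder() { this.hasQualifiedName("java.net", "URLDecoder") }
+}
+
 /** The type `java.net.URI`. */
 class TypeUri extends RefType {
 TypeUri() { this.hasQualifiedName("java.net", "URI") }
@@ -157,6 +162,14 @@ class UrlOpenConnectionMethod extends Method {
 }
 }
 
+/** The method `java.net.URLDecoder::decode`. */
+class UrlDecodeMethod extends Method {
+UrlDecodeMethod() {
+this.getDeclaringType() instanceof TypeUrlDecoder and
+this.getName() = "decode"
+}
+}
+
 /** The method `javax.net.SocketFactory::createSocket`. */
 class CreateSocketMethod extends Method {
 CreateSocketMethod() {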
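Review bot: The QLDoc on `UrlDecodeMethod` reads as if it names a single method, but the characteristic predicate matches only on the declaring type and the name `decode`, so every overload is covered, including the deprecated single-argument form that decodes with the platform default encoding. Query authors reusing this class in security models would benefit from the comment saying so, for example `/** Any overload of java.net.URLDecoder::decode, including the deprecated single-argument form. */`. Both new classes are fully visible in the hunks.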

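--- a/java/ql/lib/semmle/code/java/security/UrlForward.qll
+++ b/java/ql/lib/semmle/code/java/security/UrlForward.qll
@@ -41,8 +41,6 @@ abstract class UrlForwardBarrier extends DataFlow::Node { }
 
 private class PrimitiveBarrier extends UrlForwardBarrier instanceof SimpleTypeSanitizer { }
 
-// TODO: should this also take URL encoding/decoding into account?
-// TODO: and PathSanitization in general?
 private class FollowsBarrierPrefix extends UrlForwardBarrier {
 FollowsBarrierPrefix() { this.asExpr() = any(BarrierPrefix fp).getAnAppendedExpression() }
 }
@@ -58,9 +56,8 @@ private class BarrierPrefix extends InterestingPrefix {
 
 private class UrlPathBarrier extends UrlForwardBarrier instanceof PathInjectionSanitizer {
 UrlPathBarrier() {
-this instanceof ExactPathMatchSanitizer //TODO: still need a better solution for this edge case...
+this instanceof ExactPathMatchSanitizer
 or
-// TODO: these don't enforce order of checks and PathSanitization... make bypass test cases.
 this instanceof NoEncodingBarrier
 or
 this instanceof FullyDecodesBarrier
@@ -71,7 +68,7 @@ abstract class UrlDecodeCall extends MethodCall { }
 
 private class DefaultUrlDecodeCall extends UrlDecodeCall {
 DefaultUrlDecodeCall() {
-this.getMethod().hasQualifiedName("java.net", "URLDecoder", "decode") or // TODO: reuse existing class? Or make this a class?
+this.getMethod() instanceof UrlDecodeMethod or
 this.getMethod().hasQualifiedName("org.eclipse.jetty.util.URIUtil", "URIUtil", "decodePath")
 }
 }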
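Review bot: The Jetty alternative in `DefaultUrlDecodeCall` looks like it can never match: `hasQualifiedName` takes package, type and member name, and the unchanged line passes `"org.eclipse.jetty.util.URIUtil"` as the package with `"URIUtil"` as the type. If the intended target is Jetty's `URIUtil.decodePath`, the call should be `this.getMethod().hasQualifiedName("org.eclipse.jetty.util", "URIUtil", "decodePath")`; as written, decoding done through that method is presumably invisible to whatever consumes `UrlDecodeCall`. The line is context rather than part of this change, but it sits directly beside the disjunct being rewritten. A test case that calls `URIUtil.decodePath` would confirm whether the model fires.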
