Skip to content

Commit a3b1736

Browse files
JLLeitschuhJLLeitschuh
committed
Ratpack improve support for parsing types
1 parent ac185d9 commit a3b1736

File tree

4 files changed

+200
-2
lines changed

4 files changed

+200
-2
lines changed

java/ql/src/semmle/code/java/frameworks/ratpack/Ratpack.qll

Lines changed: 29 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -24,13 +24,22 @@ private class RatpackHttpSource extends SourceModelCsv {
2424
"Request;true;getRawUri;;;ReturnValue;remote", "Request;true;getUri;;;ReturnValue;remote",
2525
"Request;true;getBody;;;ReturnValue;remote"
2626
]
27+
or
28+
// All Context#parse methods that return a Promise are remote flow sources.
29+
row =
30+
["ratpack.handling;", "ratpack.core.handling;"] + "Context;true;parse;" +
31+
[
32+
"(java.lang.Class);", "(com.google.common.reflect.TypeToken);", "(java.lang.Class,O);",
33+
"(com.google.common.reflect.TypeToken,O);", "(ratpack.core.parse.Parse);",
34+
"(ratpack.parse.Parse);"
35+
] + ";ReturnValue;remote"
2736
}
2837
}
2938

3039
/**
3140
* Ratpack methods that propagate user-supplied request data as tainted.
3241
*/
33-
private class RatpackHttpModel extends SummaryModelCsv {
42+
private class RatpackModel extends SummaryModelCsv {
3443
override predicate row(string row) {
3544
row =
3645
["ratpack.http;", "ratpack.core.http;"] +
@@ -49,6 +58,24 @@ private class RatpackHttpModel extends SummaryModelCsv {
4958
or
5059
row =
5160
["ratpack.form;", "ratpack.core.form;"] +
52-
["UploadedFile;true;getFileName;;;Argument[-1];ReturnValue;taint"]
61+
[
62+
"UploadedFile;true;getFileName;;;Argument[-1];ReturnValue;taint",
63+
"Form;true;file;;;Argument[-1];ReturnValue;taint",
64+
"Form;true;files;;;Argument[-1];ReturnValue;taint"
65+
]
66+
or
67+
row =
68+
["ratpack.handling;", "ratpack.core.handling;"] +
69+
[
70+
"Context;true;parse;(ratpack.http.TypedData,ratpack.parse.Parse);;Argument[0];ReturnValue;taint",
71+
"Context;true;parse;(ratpack.core.http.TypedData,ratpack.core.parse.Parse);;Argument[0];ReturnValue;taint"
72+
]
73+
or
74+
row =
75+
["ratpack.util;", "ratpack.func;"] +
76+
[
77+
"MultiValueMap;true;getAll;;;Argument[-1];ReturnValue;taint",
78+
"MultiValueMap;true;asMultimap;;;Argument[-1];ReturnValue;taint"
79+
]
5380
}
5481
}

java/ql/test/library-tests/frameworks/ratpack/resources/Resource.java

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,8 @@
11
import ratpack.core.handling.Context;
22
import ratpack.core.http.TypedData;
3+
import ratpack.core.form.Form;
34
import ratpack.core.form.UploadedFile;
5+
import ratpack.core.parse.Parse;
46
import ratpack.exec.Promise;
57
import java.io.OutputStream;
68

@@ -67,4 +69,36 @@ void test4() {
6769
.flatMap(a -> Promise.value(a))
6870
.then(this::sink); //$hasTaintFlow
6971
}
72+
73+
void test5(Context ctx) {
74+
ctx
75+
.getRequest()
76+
.getBody()
77+
.map(data -> {
78+
Form form = ctx.parse(data, Form.form());
79+
sink(form); //$hasTaintFlow
80+
return form;
81+
})
82+
.then(form -> {
83+
sink(form.file("questionable_file")); //$hasTaintFlow
84+
sink(form.file("questionable_file").getFileName()); //$hasTaintFlow
85+
sink(form.files("questionable_files")); //$hasTaintFlow
86+
sink(form.files()); //$hasTaintFlow
87+
sink(form.asMultimap()); //$hasTaintFlow
88+
sink(form.asMultimap().asMap()); //$hasTaintFlow
89+
});
90+
}
91+
92+
void test6(Context ctx) {
93+
ctx
94+
.parse(Parse.of(Form.class))
95+
.then(form -> {
96+
sink(form); //$hasTaintFlow
97+
});
98+
ctx
99+
.parse(Form.class)
100+
.then(form -> {
101+
sink(form); //$hasTaintFlow
102+
});
103+
}
70104
}

java/ql/test/stubs/ratpack-1.9.x/ratpack/core/form/Form.java

Lines changed: 108 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

java/ql/test/stubs/ratpack-1.9.x/ratpack/core/form/FormParseOpts.java

Lines changed: 29 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)