Java: Convert PlayRequestGetMethod to CSV based flow source

tamasvajk · tamasvajk · commit 0d405c293a85 · 2021-03-09T12:20:35.000+01:00
diff --git a/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll
@@ -172,7 +172,12 @@ private predicate sourceModelCsv(string row) {
       "org.springframework.web.client;RestTemplate;false;getForEntity;;;ReturnValue;remote",
       "org.springframework.web.client;RestTemplate;false;postForEntity;;;ReturnValue;remote",
       // WebSocketMessageParameterSource
-      "java.net.http;WebSocket$Listener;true;onText;(WebSocket,CharSequence,boolean);;Parameter[1];remote"
+      "java.net.http;WebSocket$Listener;true;onText;(WebSocket,CharSequence,boolean);;Parameter[1];remote",
+      // PlayRequestGetMethod
+      "play.mvc;Http$RequestHeader;false;queryString;;;ReturnValue;remote",
+      "play.mvc;Http$RequestHeader;false;getQueryString;;;ReturnValue;remote",
+      "play.mvc;Http$RequestHeader;false;header;;;ReturnValue;remote",
+      "play.mvc;Http$RequestHeader;false;getHeader;;;ReturnValue;remote"
     ]
 }
 
diff --git a/java/ql/src/semmle/code/java/dataflow/FlowSources.qll b/java/ql/src/semmle/code/java/dataflow/FlowSources.qll
@@ -39,14 +39,6 @@ private class ExternalRemoteFlowSource extends RemoteFlowSource {
   override string getSourceType() { result = "external" }
 }
 
-private class RemoteTaintedMethodAccessSource extends RemoteFlowSource {
-  RemoteTaintedMethodAccessSource() {
-    this.asExpr().(MethodAccess).getMethod() instanceof RemoteTaintedMethod
-  }
-
-  override string getSourceType() { result = "network data source" }
-}
-
 private class RmiMethodParameterSource extends RemoteFlowSource {
   RmiMethodParameterSource() {
     exists(RemoteCallableMethod method |
@@ -204,17 +196,6 @@ class DatabaseInput extends LocalUserInput {
   DatabaseInput() { this.asExpr().(MethodAccess).getMethod() instanceof ResultSetGetStringMethod }
 }
 
-private class RemoteTaintedMethod extends Method {
-  RemoteTaintedMethod() { this instanceof PlayRequestGetMethod }
-}
-
-private class PlayRequestGetMethod extends Method {
-  PlayRequestGetMethod() {
-    this.getDeclaringType() instanceof PlayMvcHttpRequestHeader and
-    this.hasName(["queryString", "getQueryString", "header", "getHeader"])
-  }
-}
-
 /** A method that reads from the environment, such as `System.getProperty` or `System.getenv`. */
 class EnvReadMethod extends Method {
   EnvReadMethod() {

Original file line number	Diff line number	Diff line change
`@@ -172,7 +172,12 @@ private predicate sourceModelCsv(string row) {`
`172`	`172`	`"org.springframework.web.client;RestTemplate;false;getForEntity;;;ReturnValue;remote",`
`173`	`173`	`"org.springframework.web.client;RestTemplate;false;postForEntity;;;ReturnValue;remote",`
`174`	`174`	`// WebSocketMessageParameterSource`
`175`		`- "java.net.http;WebSocket$Listener;true;onText;(WebSocket,CharSequence,boolean);;Parameter[1];remote"`
	`175`	`+ "java.net.http;WebSocket$Listener;true;onText;(WebSocket,CharSequence,boolean);;Parameter[1];remote",`
	`176`	`+ // PlayRequestGetMethod`
	`177`	`+ "play.mvc;Http$RequestHeader;false;queryString;;;ReturnValue;remote",`
	`178`	`+ "play.mvc;Http$RequestHeader;false;getQueryString;;;ReturnValue;remote",`
	`179`	`+ "play.mvc;Http$RequestHeader;false;header;;;ReturnValue;remote",`
	`180`	`+ "play.mvc;Http$RequestHeader;false;getHeader;;;ReturnValue;remote"`
`176`	`181`	`]`
`177`	`182`	`}`
`178`	`183`