Finish comment

haby0 · haby0 · commit 0e183ab4a48a · 2021-04-15T19:49:06.000+08:00
diff --git a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
@@ -13,8 +13,9 @@ import semmle.code.java.frameworks.spring.SpringController
 abstract class RequestGetMethod extends Method {
   RequestGetMethod() {
     not exists(MethodAccess ma |
+      // Exclude apparent GET handlers that read a request entity, because this is the principle of JSONP.
       ma.getMethod() instanceof ServletRequestGetBodyMethod and
-      any(this).polyCalls*(ma.getEnclosingCallable())
+      this.polyCalls*(ma.getEnclosingCallable())
     )
   }
 }
diff --git a/java/ql/src/experimental/Security/CWE/CWE-598/SensitiveGetQuery.ql b/java/ql/src/experimental/Security/CWE/CWE-598/SensitiveGetQuery.ql
@@ -76,4 +76,4 @@ from DataFlow::PathNode source, DataFlow::PathNode sink, SensitiveGetQueryConfig
 where c.hasFlowPath(source, sink)
 select sink.getNode(), source, sink,
   "$@ uses the GET request method to transmit sensitive information.", source.getNode(),
-  "This request"
+  "This request"

Original file line number	Diff line number	Diff line change
`@@ -13,8 +13,9 @@ import semmle.code.java.frameworks.spring.SpringController`
`13`	`13`	`abstract class RequestGetMethod extends Method {`
`14`	`14`	`RequestGetMethod() {`
`15`	`15`	`not exists(MethodAccess ma \|`
	`16`	`+ // Exclude apparent GET handlers that read a request entity, because this is the principle of JSONP.`
`16`	`17`	`ma.getMethod() instanceof ServletRequestGetBodyMethod and`
`17`		`- any(this).polyCalls*(ma.getEnclosingCallable())`
	`18`	`+ this.polyCalls*(ma.getEnclosingCallable())`
`18`	`19`	`)`
`19`	`20`	`}`
`20`	`21`	`}`