Skip to content

Commit 17cef3f

Browse files
author
Sauyon Lee
committed
Address review comments
1 parent 390e48f commit 17cef3f

File tree

2 files changed

+51
-10
lines changed

2 files changed

+51
-10
lines changed

java/ql/src/semmle/code/java/frameworks/spring/SpringWebUtil.qll

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -94,6 +94,8 @@ private class FlowSummaries extends SummaryModelCsv {
9494
"org.springframework.web.util;UriComponents;false;getUserInfo;;;Argument[-1];ReturnValue;taint",
9595
"org.springframework.web.util;UriComponents;false;toUri;;;Argument[-1];ReturnValue;taint",
9696
"org.springframework.web.util;UriComponents;false;toUriString;;;Argument[-1];ReturnValue;taint",
97+
"org.springframework.web.util;UriComponents;false;toString;;;Argument[-1];ReturnValue;taint",
98+
"org.springframework.web.util;UriComponents;false;normalize;;;Argument[-1];ReturnValue;taint",
9799
"org.springframework.web.util;UriComponentsBuilder;false;build;;;Argument[-1];ReturnValue;taint",
98100
"org.springframework.web.util;UriComponentsBuilder;false;build;(Map);;MapValue of Argument[0];ReturnValue;taint",
99101
"org.springframework.web.util;UriComponentsBuilder;false;build;(Object[]);;ArrayElement of Argument[0];ReturnValue;taint",
@@ -121,6 +123,7 @@ private class FlowSummaries extends SummaryModelCsv {
121123
"org.springframework.web.util;UriTemplate;false;expand;(Object[]);;ArrayElement of Argument[0];ReturnValue;taint",
122124
"org.springframework.web.util;UriTemplate;false;getVariableNames;;;Argument[-1];Element of ReturnValue;taint",
123125
"org.springframework.web.util;UriTemplate;false;match;;;Argument[0];MapValue of ReturnValue;taint",
126+
"org.springframework.web.util;UriTemplate;false;toString;;;Argument[-1];ReturnValue;taint",
124127
"org.springframework.web.util;UriUtils;false;decode;;;Argument[0];ReturnValue;taint",
125128
"org.springframework.web.util;UriUtils;false;encode;;;Argument[0];ReturnValue;taint",
126129
"org.springframework.web.util;UriUtils;false;encodeAuthority;;;Argument[0];ReturnValue;taint",
@@ -148,7 +151,8 @@ private class FlowSummaries extends SummaryModelCsv {
148151
"org.springframework.web.util;UrlPathHelper;false;getOriginatingContextPath;;;Argument[0];ReturnValue;taint",
149152
"org.springframework.web.util;UrlPathHelper;false;getOriginatingQueryString;;;Argument[0];ReturnValue;taint",
150153
"org.springframework.web.util;UrlPathHelper;false;getOriginatingRequestUri;;;Argument[0];ReturnValue;taint",
151-
"org.springframework.web.util;UrlPathHelper;false;getOriginatingServletPath;;;Argument[0];ReturnValue;taint",
154+
"org.springframework.web.util;UrlPathHelper;false;getPathWithinApplication;;;Argument[0];ReturnValue;taint",
155+
"org.springframework.web.util;UrlPathHelper;false;getPathWithinServletMapping;;;Argument[0];ReturnValue;taint",
152156
"org.springframework.web.util;UrlPathHelper;false;getRequestUri;;;Argument[0];ReturnValue;taint",
153157
"org.springframework.web.util;UrlPathHelper;false;getResolvedLookupPath;;;Argument[0];ReturnValue;taint",
154158
"org.springframework.web.util;UrlPathHelper;false;getServletPath;;;Argument[0];ReturnValue;taint",
@@ -165,7 +169,8 @@ private class FlowSummaries extends SummaryModelCsv {
165169
"org.springframework.web.util;WebUtils;false;getRequiredSessionAttribute;;;Argument[0];ReturnValue;taint",
166170
"org.springframework.web.util;WebUtils;false;getSessionAttribute;;;Argument[0];ReturnValue;taint",
167171
"org.springframework.web.util;WebUtils;false;parseMatrixVariables;;;Argument[0];MapKey of ReturnValue;taint",
168-
"org.springframework.web.util;WebUtils;false;parseMatrixVariables;;;Argument[0];MapValue of ReturnValue;taint"
172+
"org.springframework.web.util;WebUtils;false;parseMatrixVariables;;;Argument[0];MapValue of ReturnValue;taint",
173+
"org.springframework.web.util;WebUtils;false;setSessionAttribute;;;Argument[2];Argument[0];taint"
169174
]
170175
}
171176
}

java/ql/test/library-tests/frameworks/spring/webutil/Test.java

Lines changed: 44 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -2441,14 +2441,6 @@ public void test() throws Exception {
24412441
out = instance.getOriginatingRequestUri(in);
24422442
sink(out); // $hasTaintFlow
24432443
}
2444-
{
2445-
// "org.springframework.web.util;UrlPathHelper;false;getOriginatingServletPath;;;Argument[0];ReturnValue;taint"
2446-
String out = null;
2447-
HttpServletRequest in = (HttpServletRequest)source();
2448-
UrlPathHelper instance = null;
2449-
out = instance.getOriginatingServletPath(in);
2450-
sink(out); // $hasTaintFlow
2451-
}
24522444
{
24532445
// "org.springframework.web.util;UrlPathHelper;false;getRequestUri;;;Argument[0];ReturnValue;taint"
24542446
String out = null;
@@ -2621,6 +2613,50 @@ public void test() throws Exception {
26212613
out = HtmlUtils.htmlEscapeHex(in);
26222614
sink(out); // $ hasTaintFlow
26232615
}
2616+
{
2617+
// "org.springframework.web.util;UriComponents;false;normalize;;;Argument[-1];ReturnValue;taint"
2618+
UriComponents out = null;
2619+
UriComponents in = (UriComponents)source();
2620+
out = in.normalize();
2621+
sink(out); // $ hasTaintFlow
2622+
}
2623+
{
2624+
// "org.springframework.web.util;UriComponents;false;toString;;;Argument[-1];ReturnValue;taint"
2625+
String out = null;
2626+
UriComponents in = (UriComponents)source();
2627+
out = in.toString();
2628+
sink(out); // $ hasTaintFlow
2629+
}
2630+
{
2631+
// "org.springframework.web.util;UriTemplate;false;toString;;;Argument[-1];ReturnValue;taint"
2632+
String out = null;
2633+
UriTemplate in = (UriTemplate)source();
2634+
out = in.toString();
2635+
sink(out); // $ hasTaintFlow
2636+
}
2637+
{
2638+
// "org.springframework.web.util;UrlPathHelper;false;getPathWithinApplication;;;Argument[0];ReturnValue;taint"
2639+
String out = null;
2640+
HttpServletRequest in = (HttpServletRequest)source();
2641+
UrlPathHelper instance = null;
2642+
out = instance.getPathWithinApplication(in);
2643+
sink(out); // $ hasTaintFlow
2644+
}
2645+
{
2646+
// "org.springframework.web.util;UrlPathHelper;false;getPathWithinServletMapping;;;Argument[0];ReturnValue;taint"
2647+
String out = null;
2648+
HttpServletRequest in = (HttpServletRequest)source();
2649+
UrlPathHelper instance = null;
2650+
out = instance.getPathWithinServletMapping(in);
2651+
sink(out); // $ hasTaintFlow
2652+
}
2653+
{
2654+
// "org.springframework.web.util;WebUtils;false;setSessionAttribute;;;Argument[2];Argument[0];taint"
2655+
HttpServletRequest out = null;
2656+
Object in = (Object)source();
2657+
WebUtils.setSessionAttribute(out, null, in);
2658+
sink(out); // $ hasTaintFlow
2659+
}
26242660

26252661
}
26262662

0 commit comments

Comments
 (0)