Skip to content

Commit 180904e

Browse files
tamasvajktamasvajk
committed
Revert "Java: Convert Google HTTP client API parseAs sink to CSV format"
This reverts commit 3e53484.
1 parent 351f35d commit 180904e

File tree

2 files changed

+14
-9
lines changed

2 files changed

+14
-9
lines changed

java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -76,7 +76,6 @@ private module Frameworks {
7676
private import semmle.code.java.frameworks.ApacheHttp
7777
private import semmle.code.java.frameworks.apache.Lang
7878
private import semmle.code.java.frameworks.guava.Guava
79-
private import semmle.code.java.frameworks.google.GoogleHttpClientApi
8079
private import semmle.code.java.security.ResponseSplitting
8180
private import semmle.code.java.security.XSS
8281
}

java/ql/src/semmle/code/java/frameworks/google/GoogleHttpClientApi.qll

Lines changed: 14 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,14 @@ import java
22
import semmle.code.java.Serializability
33
import semmle.code.java.dataflow.DataFlow
44
import semmle.code.java.dataflow.DataFlow5
5-
private import semmle.code.java.dataflow.ExternalFlow
5+
6+
/** The method `parseAs` in `com.google.api.client.http.HttpResponse`. */
7+
private class ParseAsMethod extends Method {
8+
ParseAsMethod() {
9+
this.getDeclaringType().hasQualifiedName("com.google.api.client.http", "HttpResponse") and
10+
this.hasName("parseAs")
11+
}
12+
}
613

714
private class TypeLiteralToParseAsFlowConfiguration extends DataFlow5::Configuration {
815
TypeLiteralToParseAsFlowConfiguration() {
@@ -11,17 +18,16 @@ private class TypeLiteralToParseAsFlowConfiguration extends DataFlow5::Configura
1118

1219
override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof TypeLiteral }
1320

14-
override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "google-parse-as") }
21+
override predicate isSink(DataFlow::Node sink) {
22+
exists(MethodAccess ma |
23+
ma.getAnArgument() = sink.asExpr() and
24+
ma.getMethod() instanceof ParseAsMethod
25+
)
26+
}
1527

1628
TypeLiteral getSourceWithFlowToParseAs() { hasFlow(DataFlow::exprNode(result), _) }
1729
}
1830

19-
private class ParseAsSinkModel extends SinkModelCsv {
20-
override predicate row(string row) {
21-
row = ["com.google.api.client.http;HttpResponse;false;parseAs;;;Argument;google-parse-as"]
22-
}
23-
}
24-
2531
/** A field that is deserialized by `HttpResponse.parseAs`. */
2632
class HttpResponseParseAsDeserializableField extends DeserializableField {
2733
HttpResponseParseAsDeserializableField() {

0 commit comments

Comments
 (0)