Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll

haby0 · smowton · web-flow · commit 5d05e4d22413 · 2021-04-15T17:28:53.000+08:00
Co-authored-by: Chris Smowton &lt;smowton@github.com&gt;
diff --git a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
@@ -21,7 +21,7 @@ abstract class RequestGetMethod extends Method {
 
 /** Override method of `doGet` of `Servlet` subclass. */
 private class ServletGetMethod extends RequestGetMethod {
-  ServletGetMethod() { this instanceof DoGetServletMethod }
+  ServletGetMethod() { isServletRequestMethod(this) and m.getName() = "doGet" }
 }
 
 /** The method of SpringController class processing `get` request. */

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ abstract class RequestGetMethod extends Method {`
`21`	`21`
`22`	`22`	/** Override method of `doGet` of `Servlet` subclass. */
`23`	`23`	`private class ServletGetMethod extends RequestGetMethod {`
`24`		`- ServletGetMethod() { this instanceof DoGetServletMethod }`
	`24`	`+ ServletGetMethod() { isServletRequestMethod(this) and m.getName() = "doGet" }`
`25`	`25`	`}`
`26`	`26`
`27`	`27`	/** The method of SpringController class processing `get` request. */