
Commit 6b76f42

committed
Broaden PrimitiveSanitizer to include boxed primitives and other java.lang.Numbers
1 parent 3167af2 commit 6b76f42


1 file changed

+5
-1
lines changed


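--- a/java/ql/src/semmle/code/java/security/RequestForgery.qll
+++ b/java/ql/src/semmle/code/java/security/RequestForgery.qll
@@ -215,7 +215,11 @@ private class SpringRestTemplateUrlMethodAccess extends MethodAccess {
 abstract class RequestForgerySanitizer extends DataFlow::Node { }
 
 private class PrimitiveSanitizer extends RequestForgerySanitizer {
-PrimitiveSanitizer() { this.getType() instanceof PrimitiveType }
+PrimitiveSanitizer() {
+this.getType() instanceof PrimitiveType or
+this.getType() instanceof BoxedType or
+this.getType() instanceof NumberType
+}
 }
 
 private class HostnameSanitizingPrefix extends CompileTimeConstantExpr {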
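Review bot: The widened characteristic predicate of `PrimitiveSanitizer` treats every `BoxedType` and `NumberType` node as safe, but the class carries no QLDoc stating the assumption behind that, and its name no longer describes what it matches. `BoxedType` adds `Character` next to the `char` already covered by `PrimitiveType`, and `NumberType` presumably also matches application-defined subclasses of `java.lang.Number` whose string form is not limited to digits, so flows through those types will silently drop out of the request-forgery results. I would add a comment above the class such as `/** A node of primitive, boxed or numeric type, assumed unable to carry an attacker-chosen host or path. */` and decide explicitly whether `char`/`Character` and non-JDK `Number` subclasses belong in the set.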
