Skip to content

Commit 782573e

Browse files
rvermeulenrvermeulen
committed
Add and format qldocs according to the style guide.
1 parent 4ad6357 commit 782573e

File tree

1 file changed

+6
-9
lines changed

1 file changed

+6
-9
lines changed

java/ql/src/semmle/code/java/security/ResponseSplitting.qll

Lines changed: 6 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,21 +1,17 @@
1+
/** Provides classes to reason about header splitting attacks. */
2+
13
import java
24
import semmle.code.java.dataflow.DataFlow
35
import semmle.code.java.frameworks.Servlets
46
import semmle.code.java.frameworks.JaxWS
57

6-
/**
7-
* Header-splitting sinks. Expressions that end up in an HTTP header.
8-
*/
8+
/** Header-splitting sinks. Expressions that end up in an HTTP header. */
99
abstract class HeaderSplittingSink extends DataFlow::Node { }
1010

11-
/**
12-
* Sources that cannot be used to perform a header splitting attack.
13-
*/
11+
/** Sources that cannot be used to perform a header splitting attack. */
1412
abstract class SafeHeaderSplittingSource extends DataFlow::Node { }
1513

16-
/**
17-
* Header-splitting sinks. Expressions that end up in an HTTP header.
18-
*/
14+
/** Servlet and JaxWS sinks susceptible to header splitting. */
1915
private class ServletHeaderSplittingSink extends HeaderSplittingSink {
2016
ServletHeaderSplittingSink() {
2117
exists(ResponseAddCookieMethod m, MethodAccess ma |
@@ -41,6 +37,7 @@ private class ServletHeaderSplittingSink extends HeaderSplittingSink {
4137
}
4238
}
4339

40+
/** Servlet sources considered safe regarding header splitting */
4441
private class ServletSafeHeaderSplittingSource extends SafeHeaderSplittingSource {
4542
ServletSafeHeaderSplittingSource() {
4643
this.asExpr().(MethodAccess).getMethod() instanceof HttpServletRequestGetHeaderMethod or

0 commit comments

Comments
 (0)