Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql

haby0 · smowton · web-flow · commit 7be45e7c5e45 · 2021-04-13T23:56:17.000+08:00
Co-authored-by: Chris Smowton &lt;smowton@github.com&gt;
diff --git a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql
@@ -52,7 +52,7 @@ class RequestResponseFlowConfig extends TaintTracking::Configuration {
 
   override predicate isSink(DataFlow::Node sink) {
     sink instanceof XssSink and
-    getACallingCallableOrSelf(sink.getEnclosingCallable()) instanceof RequestGetMethod
+    any(RequestGetMethod m).polyCalls*(source.getEnclosingCallable())
   }
 
   override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {

Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ class RequestResponseFlowConfig extends TaintTracking::Configuration {`
`52`	`52`
`53`	`53`	`override predicate isSink(DataFlow::Node sink) {`
`54`	`54`	`sink instanceof XssSink and`
`55`		`- getACallingCallableOrSelf(sink.getEnclosingCallable()) instanceof RequestGetMethod`
	`55`	`+ any(RequestGetMethod m).polyCalls*(source.getEnclosingCallable())`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {`