Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql

haby0 · smowton · web-flow · commit 8b756d7f1bcf · 2021-04-10T09:27:03.000+08:00
Co-authored-by: Chris Smowton &lt;smowton@github.com&gt;
diff --git a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql
@@ -28,7 +28,11 @@ predicate existsFilterVerificationMethod() {
   )
 }
 
-/** Determine whether there is a verification method for the remote streaming source data flow path method. */
+/** 
+ * Holds if somewhere in the whole program some user-controlled
+ * input is tested with what appears to be a token- or authentication-checking function,
+ * and `checkNode` is reachable from any function that can reach the user-controlled input source.
+ */
 predicate existsServletVerificationMethod(Node checkNode) {
   exists(DataFlow::Node source, DataFlow::Node sink, VerificationMethodFlowConfig vmfc |
     vmfc.hasFlow(source, sink) and

Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,11 @@ predicate existsFilterVerificationMethod() {`
`28`	`28`	`)`
`29`	`29`	`}`
`30`	`30`
`31`		`-/** Determine whether there is a verification method for the remote streaming source data flow path method. */`
	`31`	`+/**`
	`32`	`+ * Holds if somewhere in the whole program some user-controlled`
	`33`	`+ * input is tested with what appears to be a token- or authentication-checking function,`
	`34`	+ * and `checkNode` is reachable from any function that can reach the user-controlled input source.
	`35`	`+ */`
`32`	`36`	`predicate existsServletVerificationMethod(Node checkNode) {`
`33`	`37`	`exists(DataFlow::Node source, DataFlow::Node sink, VerificationMethodFlowConfig vmfc \|`
`34`	`38`	`vmfc.hasFlow(source, sink) and`