Add argument indices to HTTP header splitting sinks

tamasvajk · tamasvajk · commit 9b1c54e81b66 · 2021-04-22T11:17:25.000+02:00
diff --git a/java/ql/src/semmle/code/java/security/ResponseSplitting.qll b/java/ql/src/semmle/code/java/security/ResponseSplitting.qll
@@ -17,8 +17,8 @@ private class HeaderSplittingSinkModel extends SinkModelCsv {
     row =
       [
         "javax.servlet.http;HttpServletResponse;false;addCookie;;;Argument[0];header-splitting",
-        "javax.servlet.http;HttpServletResponse;false;addHeader;;;Argument;header-splitting",
-        "javax.servlet.http;HttpServletResponse;false;setHeader;;;Argument;header-splitting",
+        "javax.servlet.http;HttpServletResponse;false;addHeader;;;Argument[0..1];header-splitting",
+        "javax.servlet.http;HttpServletResponse;false;setHeader;;;Argument[0..1];header-splitting",
         "javax.ws.rs.core;ResponseBuilder;false;header;;;Argument[1];header-splitting"
       ]
   }

Original file line number	Diff line number	Diff line change
`@@ -17,8 +17,8 @@ private class HeaderSplittingSinkModel extends SinkModelCsv {`
`17`	`17`	`row =`
`18`	`18`	`[`
`19`	`19`	`"javax.servlet.http;HttpServletResponse;false;addCookie;;;Argument[0];header-splitting",`
`20`		`- "javax.servlet.http;HttpServletResponse;false;addHeader;;;Argument;header-splitting",`
`21`		`- "javax.servlet.http;HttpServletResponse;false;setHeader;;;Argument;header-splitting",`
	`20`	`+ "javax.servlet.http;HttpServletResponse;false;addHeader;;;Argument[0..1];header-splitting",`
	`21`	`+ "javax.servlet.http;HttpServletResponse;false;setHeader;;;Argument[0..1];header-splitting",`
`22`	`22`	`"javax.ws.rs.core;ResponseBuilder;false;header;;;Argument[1];header-splitting"`
`23`	`23`	`]`
`24`	`24`	`}`