HTTP -> Http

pwntester · pwntester · commit a3a215afea12 · 2021-06-02T11:12:39.000+02:00
diff --git a/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql b/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql
@@ -83,9 +83,9 @@ predicate stackTraceExpr(Expr exception, MethodAccess stackTraceString) {
   )
 }
 
-class StackTraceStringToHTTPResponseSinkFlowConfig extends TaintTracking::Configuration {
-  StackTraceStringToHTTPResponseSinkFlowConfig() {
-    this = "StackTraceExposure::StackTraceStringToHTTPResponseSinkFlowConfig"
+class StackTraceStringToHttpResponseSinkFlowConfig extends TaintTracking::Configuration {
+  StackTraceStringToHttpResponseSinkFlowConfig() {
+    this = "StackTraceExposure::StackTraceStringToHttpResponseSinkFlowConfig"
   }
 
   override predicate isSource(DataFlow::Node src) { stackTraceExpr(_, src.asExpr()) }
@@ -106,7 +106,7 @@ predicate printsStackExternally(MethodAccess call, Expr stackTrace) {
  * A stringified stack trace flows to an external sink.
  */
 predicate stringifiedStackFlowsExternally(DataFlow::Node externalExpr, Expr stackTrace) {
-  exists(MethodAccess stackTraceString, StackTraceStringToHTTPResponseSinkFlowConfig conf |
+  exists(MethodAccess stackTraceString, StackTraceStringToHttpResponseSinkFlowConfig conf |
     stackTraceExpr(stackTrace, stackTraceString) and
     conf.hasFlow(DataFlow::exprNode(stackTraceString), externalExpr)
   )
@@ -123,9 +123,9 @@ class GetMessageFlowSource extends MethodAccess {
   }
 }
 
-class GetMessageFlowSourceToHTTPResponseSinkFlowConfig extends TaintTracking::Configuration {
-  GetMessageFlowSourceToHTTPResponseSinkFlowConfig() {
-    this = "StackTraceExposure::GetMessageFlowSourceToHTTPResponseSinkFlowConfig"
+class GetMessageFlowSourceToHttpResponseSinkFlowConfig extends TaintTracking::Configuration {
+  GetMessageFlowSourceToHttpResponseSinkFlowConfig() {
+    this = "StackTraceExposure::GetMessageFlowSourceToHttpResponseSinkFlowConfig"
   }
 
   override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof GetMessageFlowSource }
@@ -137,7 +137,7 @@ class GetMessageFlowSourceToHTTPResponseSinkFlowConfig extends TaintTracking::Co
  * A call to `getMessage()` that then flows to a servlet response.
  */
 predicate getMessageFlowsExternally(DataFlow::Node externalExpr, GetMessageFlowSource getMessage) {
-  any(GetMessageFlowSourceToHTTPResponseSinkFlowConfig conf)
+  any(GetMessageFlowSourceToHttpResponseSinkFlowConfig conf)
       .hasFlow(DataFlow::exprNode(getMessage), externalExpr)
 }
 

Original file line number	Diff line number	Diff line change
`@@ -83,9 +83,9 @@ predicate stackTraceExpr(Expr exception, MethodAccess stackTraceString) {`
`83`	`83`	`)`
`84`	`84`	`}`
`85`	`85`
`86`		`-class StackTraceStringToHTTPResponseSinkFlowConfig extends TaintTracking::Configuration {`
`87`		`- StackTraceStringToHTTPResponseSinkFlowConfig() {`
`88`		`- this = "StackTraceExposure::StackTraceStringToHTTPResponseSinkFlowConfig"`
	`86`	`+class StackTraceStringToHttpResponseSinkFlowConfig extends TaintTracking::Configuration {`
	`87`	`+ StackTraceStringToHttpResponseSinkFlowConfig() {`
	`88`	`+ this = "StackTraceExposure::StackTraceStringToHttpResponseSinkFlowConfig"`
`89`	`89`	`}`
`90`	`90`
`91`	`91`	`override predicate isSource(DataFlow::Node src) { stackTraceExpr(_, src.asExpr()) }`
`@@ -106,7 +106,7 @@ predicate printsStackExternally(MethodAccess call, Expr stackTrace) {`
`106`	`106`	`* A stringified stack trace flows to an external sink.`
`107`	`107`	`*/`
`108`	`108`	`predicate stringifiedStackFlowsExternally(DataFlow::Node externalExpr, Expr stackTrace) {`
`109`		`- exists(MethodAccess stackTraceString, StackTraceStringToHTTPResponseSinkFlowConfig conf \|`
	`109`	`+ exists(MethodAccess stackTraceString, StackTraceStringToHttpResponseSinkFlowConfig conf \|`
`110`	`110`	`stackTraceExpr(stackTrace, stackTraceString) and`
`111`	`111`	`conf.hasFlow(DataFlow::exprNode(stackTraceString), externalExpr)`
`112`	`112`	`)`
`@@ -123,9 +123,9 @@ class GetMessageFlowSource extends MethodAccess {`
`123`	`123`	`}`
`124`	`124`	`}`
`125`	`125`
`126`		`-class GetMessageFlowSourceToHTTPResponseSinkFlowConfig extends TaintTracking::Configuration {`
`127`		`- GetMessageFlowSourceToHTTPResponseSinkFlowConfig() {`
`128`		`- this = "StackTraceExposure::GetMessageFlowSourceToHTTPResponseSinkFlowConfig"`
	`126`	`+class GetMessageFlowSourceToHttpResponseSinkFlowConfig extends TaintTracking::Configuration {`
	`127`	`+ GetMessageFlowSourceToHttpResponseSinkFlowConfig() {`
	`128`	`+ this = "StackTraceExposure::GetMessageFlowSourceToHttpResponseSinkFlowConfig"`
`129`	`129`	`}`
`130`	`130`
`131`	`131`	`override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof GetMessageFlowSource }`
`@@ -137,7 +137,7 @@ class GetMessageFlowSourceToHTTPResponseSinkFlowConfig extends TaintTracking::Co`
`137`	`137`	* A call to `getMessage()` that then flows to a servlet response.
`138`	`138`	`*/`
`139`	`139`	`predicate getMessageFlowsExternally(DataFlow::Node externalExpr, GetMessageFlowSource getMessage) {`
`140`		`- any(GetMessageFlowSourceToHTTPResponseSinkFlowConfig conf)`
	`140`	`+ any(GetMessageFlowSourceToHttpResponseSinkFlowConfig conf)`
`141`	`141`	`.hasFlow(DataFlow::exprNode(getMessage), externalExpr)`
`142`	`142`	`}`
`143`	`143`