Skip to content

Commit ac223ea

Browse files
egregius313egregius313
committed
Refactor Security.CWE.CWE-094.InsecureBeanValidation
1 parent 7aecefc commit ac223ea

File tree

1 file changed

+9
-8
lines changed

1 file changed

+9
-8
lines changed

java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql

Lines changed: 9 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,6 @@
1313
import java
1414
import semmle.code.java.dataflow.TaintTracking
1515
import semmle.code.java.dataflow.FlowSources
16-
import DataFlow::PathGraph
1716
private import semmle.code.java.dataflow.ExternalFlow
1817

1918
/**
@@ -56,14 +55,16 @@ class SetMessageInterpolatorCall extends MethodAccess {
5655
* Taint tracking BeanValidationConfiguration describing the flow of data from user input
5756
* to the argument of a method that builds constraint error messages.
5857
*/
59-
class BeanValidationConfig extends TaintTracking::Configuration {
60-
BeanValidationConfig() { this = "BeanValidationConfig" }
58+
private module BeanValidationConfig implements DataFlow::ConfigSig {
59+
predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
6160

62-
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
63-
64-
override predicate isSink(DataFlow::Node sink) { sink instanceof BeanValidationSink }
61+
predicate isSink(DataFlow::Node sink) { sink instanceof BeanValidationSink }
6562
}
6663

64+
module BeanValidationFlow = TaintTracking::Make<BeanValidationConfig>;
65+
66+
import BeanValidationFlow::PathGraph
67+
6768
/**
6869
* A bean validation sink, such as method `buildConstraintViolationWithTemplate`
6970
* declared on a subtype of `javax.validation.ConstraintValidatorContext`.
@@ -72,13 +73,13 @@ private class BeanValidationSink extends DataFlow::Node {
7273
BeanValidationSink() { sinkNode(this, "bean-validation") }
7374
}
7475

75-
from BeanValidationConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink
76+
from BeanValidationFlow::PathNode source, BeanValidationFlow::PathNode sink
7677
where
7778
(
7879
not exists(SetMessageInterpolatorCall c)
7980
or
8081
exists(SetMessageInterpolatorCall c | not c.isSafe())
8182
) and
82-
cfg.hasFlowPath(source, sink)
83+
BeanValidationFlow::hasFlowPath(source, sink)
8384
select sink.getNode(), source, sink, "Custom constraint error message contains an unsanitized $@.",
8485
source, "user-provided value"

0 commit comments

Comments
 (0)