Skip to content

Commit b147be6

Browse files
rvermeulenrvermeulen
committed
Restrict SafeHeaderSplittingSource to RemoteFlowSource
1 parent 782573e commit b147be6

File tree

1 file changed

+4
-1
lines changed

1 file changed

+4
-1
lines changed

java/ql/src/semmle/code/java/security/ResponseSplitting.qll

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,14 +2,17 @@
22

33
import java
44
import semmle.code.java.dataflow.DataFlow
5+
import semmle.code.java.dataflow.FlowSources
56
import semmle.code.java.frameworks.Servlets
67
import semmle.code.java.frameworks.JaxWS
78

89
/** Header-splitting sinks. Expressions that end up in an HTTP header. */
910
abstract class HeaderSplittingSink extends DataFlow::Node { }
1011

1112
/** Sources that cannot be used to perform a header splitting attack. */
12-
abstract class SafeHeaderSplittingSource extends DataFlow::Node { }
13+
abstract class SafeHeaderSplittingSource extends DataFlow::Node {
14+
SafeHeaderSplittingSource() { this instanceof RemoteFlowSource }
15+
}
1316

1417
/** Servlet and JaxWS sinks susceptible to header splitting. */
1518
private class ServletHeaderSplittingSink extends HeaderSplittingSink {

0 commit comments

Comments
 (0)