Merge pull request github#3927 from rvermeulen/java-importable-cwe-601

aschackmull · web-flow · commit c8b9b779ae12 · 2020-07-09T16:03:29.000+02:00
Java: Move `UrlRedirectSink` into importable library
diff --git a/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql b/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql
@@ -12,7 +12,7 @@
 
 import java
 import semmle.code.java.dataflow.FlowSources
-import UrlRedirect
+import semmle.code.java.security.UrlRedirect
 import DataFlow::PathGraph
 
 class UrlRedirectConfig extends TaintTracking::Configuration {
diff --git a/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql b/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql
@@ -12,7 +12,7 @@
 
 import java
 import semmle.code.java.dataflow.FlowSources
-import UrlRedirect
+import semmle.code.java.security.UrlRedirect
 import DataFlow::PathGraph
 
 class UrlRedirectLocalConfig extends TaintTracking::Configuration {
diff --git a/java/ql/src/semmle/code/java/security/UrlRedirect.qll b/java/ql/src/semmle/code/java/security/UrlRedirect.qll
@@ -1,12 +1,15 @@
+/** Provides classes to reason about URL redirect attacks. */
+
 import java
-import semmle.code.java.frameworks.Servlets
 import semmle.code.java.dataflow.DataFlow
+import semmle.code.java.frameworks.Servlets
+
+/** A URL redirection sink */
+abstract class UrlRedirectSink extends DataFlow::Node { }
 
-/**
- * A URL redirection sink.
- */
-class UrlRedirectSink extends DataFlow::ExprNode {
-  UrlRedirectSink() {
+/** A Servlet URL redirection sink. */
+private class ServletUrlRedirectSink extends UrlRedirectSink {
+  ServletUrlRedirectSink() {
     exists(MethodAccess ma |
       ma.getMethod() instanceof HttpServletResponseSendRedirectMethod and
       this.asExpr() = ma.getArgument(0)
