
Commit 52f71e4

committed
small fixes based on review
1 parent b4b5ae2 commit 52f71e4

1 file changed

+5
-10
lines changed


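--- a/java/ql/lib/semmle/code/java/security/RequestForgery.qll
+++ b/java/ql/lib/semmle/code/java/security/RequestForgery.qll
@@ -103,7 +103,7 @@ private predicate isContainsUrlSanitizer(Guard guard, Expr e, boolean branch) {
 * This `contains` method is usually called on a list, but the sanitizer matches any call to a method
 * called `contains`, so other methods with the same name will also be considered sanitizers.
 */
-class ContainsUrlSanitizer extends RequestForgerySanitizer {
+private class ContainsUrlSanitizer extends RequestForgerySanitizer {
 ContainsUrlSanitizer() {
 this = DataFlow::BarrierGuard<isContainsUrlSanitizer/3>::getABarrierNode()
 }
@@ -115,11 +115,7 @@ class ContainsUrlSanitizer extends RequestForgerySanitizer {
 private predicate isRelativeUrlSanitizer(Guard guard, Expr e, boolean branch) {
 guard =
 any(MethodCall call |
-exists(Method method |
-call.getMethod() = method and
-method.getName() = "isAbsolute" and
-method.getDeclaringType().hasQualifiedName("java.net", "URI")
-) and
+call.getMethod().hasQualifiedName("java.net", "URI", "isAbsolute") and
 e = call.getQualifier() and
 branch = false
 )
@@ -128,7 +124,7 @@ private predicate isRelativeUrlSanitizer(Guard guard, Expr e, boolean branch) {
 /**
 * A check that the URL is relative, and therefore safe for URL redirects.
 */
-class RelativeUrlSanitizer extends RequestForgerySanitizer {
+private class RelativeUrlSanitizer extends RequestForgerySanitizer {
 RelativeUrlSanitizer() {
 this = DataFlow::BarrierGuard<isRelativeUrlSanitizer/3>::getABarrierNode()
 }
@@ -145,8 +141,7 @@ private predicate isHostComparisonSanitizer(Guard guard, Expr e, boolean branch)
 branch = true and
 exists(MethodCall hostCall |
 hostCall = [equalsCall.getQualifier(), equalsCall.getArgument(0)] and
-hostCall.getMethod().getName() = "getHost" and
-hostCall.getMethod().getDeclaringType().hasQualifiedName("java.net", "URI") and
+hostCall.getMethod().hasQualifiedName("java.net", "URI", "getHost") and
 e = hostCall.getQualifier()
 )
 )
@@ -155,7 +150,7 @@ private predicate isHostComparisonSanitizer(Guard guard, Expr e, boolean branch)
 /**
 * A comparison on the `Host` property of a url, that is a sanitizer for URL redirects.
 */
-class HostComparisonSanitizer extends RequestForgerySanitizer {
+private class HostComparisonSanitizer extends RequestForgerySanitizer {
 HostComparisonSanitizer() {
 this = DataFlow::BarrierGuard<isHostComparisonSanitizer/3>::getABarrierNode()
 }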
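Review bot: Turning `class ContainsUrlSanitizer` into `private class ContainsUrlSanitizer` in the first hunk (and likewise `RelativeUrlSanitizer` and `HostComparisonSanitizer` in the third and fifth hunks) removes three previously public, QLDoc'd classes from the library's API, so any downstream query that named one of them, for example to exclude or refine it, will stop compiling; if that narrowing is intended, a change note or a deprecated public alias would be the usual way to handle it. The extent of `RequestForgerySanitizer` itself is unaffected, since private subclasses still contribute to it, and the `hasQualifiedName` rewrites in the second and fourth hunks look semantically equivalent to the `getName`/`getDeclaringType` pairs they replace. On the `isAbsolute` line in the second hunk, `java.net.URI.isAbsolute()` is true only when a scheme is present, so the QLDoc on `RelativeUrlSanitizer` ("relative, and therefore safe") would benefit from a caveat such as `* Note: `URI.isAbsolute()` only tests for a scheme; a URI with an authority but no scheme still passes this check.` The predicate bodies in the second and fourth hunks begin outside the hunk (the `equalsCall` binding in the fourth is not visible here).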
