-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Java: Improve modelling of Spring requests, flow steps and XSS sinks #3653
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
aschackmull
merged 38 commits into
github:master
from
lcartey:java/improve-spring-support
Jul 8, 2020
Merged
Changes from 21 commits
Commits
Show all changes
38 commits
Select commit
Hold shift + click to select a range
f5dc033
Java: Improve modelling of Spring request methods
lcartey 4300bc8
Java: Update RemoteFlowSource to use improve Spring request parameter
lcartey 6de2b93
Java: Add SpringWebRequest to RemoteTaintedMethod
lcartey 7c4251d
Java: Add flow out of Map and List
lcartey bfcc06d
Java: Improve Spring controller modelling
lcartey fd2cd60
Java: Modelling of the Spring HTTP classes.
lcartey 1d12340
Java: Model Spring @ResponseBody methods.
lcartey 7d555a7
Java: Track flow through HttpEntity and ResponseEntity
lcartey c59042f
Java: Taint tracking through String.replace(all)?
lcartey 8057dff
Java: Add Spring XSS sinks
lcartey f6a99cb
Java: Model produces parameter to RequestMapping attribute.
lcartey e2cec58
Java: XSS - ignore Spring sinks when content-type is safe.
lcartey f6b2acc
Java: Model ResponseEntity.BodyBuilder
lcartey 0db7cea
Java: Model taint flow through ResponseEntity.
lcartey 8bd5f74
Java: SpringController - handle non-string literal produces values.
lcartey 8678d5f
Java: Model untrusted user data types
lcartey 93c28d4
Java: Add taint step to flow through Spring tainted user data class
lcartey cd6339f
Java: Add Spring flow out of HttpEntity and HttpHeader
lcartey 9625e82
Java: Model Spring WebClients/RestTemplates.
lcartey f2edc53
Java: Add Spring RestTemplate return values to untrusted data types
lcartey 2978af3
Java: Add RestTemplate as flow source.
lcartey 6de612a
Java: Split SpringWebRequestGetMethod into its own class.
aschackmull a41c2d8
Java: Make a few predicates private and autoformat SpringController.
aschackmull 2ae15f9
Java: Remove list, map, and StringReplaceMethod flow steps.
aschackmull 2ce0921
Java: Clean up SpringHttp.qll
aschackmull a80e663
Java: Minor typo fix and autoformat
aschackmull 5d8f9a7
Java: Misc grammar fixes.
aschackmull e6658c5
Java: Cleanup TaintTrackingUtil.qll
aschackmull 5e9e7fe
Java: Add some qldoc and minor formatting.
aschackmull b06d1c7
Java: More qldoc and some formatting.
aschackmull ae21de9
Java: Misc grammar and formatting.
aschackmull f98460c
Java: Use SpringHttpEntity class.
aschackmull 3fef5ca
Merge pull request #1 from aschackmull/java/spring-3653
lcartey 48e4759
Merge branch 'master' into java/spring-3653-2
aschackmull 581d496
Java: Fix LdapInjection qltest
aschackmull a4fe4f4
Java: Fix JndiInjection qltest
aschackmull b88ebd6
Java: Fix OgnlInjection qltest
aschackmull 443c13d
Merge pull request #2 from aschackmull/java/spring-3653-2
lcartey File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,19 +1,3 @@ | ||
| import java | ||
|
|
||
| /** A Spring framework annotation indicating remote user input from servlets. */ | ||
| class SpringServletInputAnnotation extends Annotation { | ||
| SpringServletInputAnnotation() { | ||
| exists(AnnotationType a | | ||
| a = this.getType() and | ||
| a.getPackage().getName() = "org.springframework.web.bind.annotation" | ||
| | | ||
| a.hasName("MatrixVariable") or | ||
| a.hasName("RequestParam") or | ||
| a.hasName("RequestHeader") or | ||
| a.hasName("CookieValue") or | ||
| a.hasName("RequestPart") or | ||
| a.hasName("PathVariable") or | ||
| a.hasName("RequestBody") | ||
| ) | ||
| } | ||
| } | ||
| import spring.SpringController | ||
| import spring.SpringWeb |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@aschackmull Wouldn't it be better to replace these
regexMatchcalls with something like :