Skip to content

Commit 09b0d82

Browse files
committed
Java: Convert org.apache.http.Http*.get* methods to CSV based flow source
1 parent 3c8ac5c commit 09b0d82

2 files changed

Lines changed: 4 additions & 3 deletions

File tree

java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -136,7 +136,10 @@ private predicate sourceModelCsv(string row) {
136136
// CookieGet*
137137
"javax.servlet.http;Cookie;false;getValue;();;ReturnValue;remote",
138138
"javax.servlet.http;Cookie;false;getName;();;ReturnValue;remote",
139-
"javax.servlet.http;Cookie;false;getComment;();;ReturnValue;remote"
139+
"javax.servlet.http;Cookie;false;getComment;();;ReturnValue;remote",
140+
// ApacheHttp*
141+
"org.apache.http;HttpMessage;false;getParams;();;ReturnValue;remote",
142+
"org.apache.http;HttpEntity;false;getContent;();;ReturnValue;remote"
140143
]
141144
}
142145

java/ql/src/semmle/code/java/dataflow/FlowSources.qll

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -216,8 +216,6 @@ private class RemoteTaintedMethod extends Method {
216216
RemoteTaintedMethod() {
217217
this instanceof PlayRequestGetMethod or
218218
this instanceof SpringRestTemplateResponseEntityMethod or
219-
this instanceof ApacheHttpGetParams or
220-
this instanceof ApacheHttpEntityGetContent or
221219
// In the setting of Android we assume that XML has been transmitted over
222220
// the network, so may be tainted.
223221
this instanceof XmlPullGetMethod or

0 commit comments

Comments
 (0)