
Commit 40bf093

committed
Move shared code to the lib folder and update qldoc
1 parent fd533f2 commit 40bf093


4 files changed

+11
-8
lines changed


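--- a/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.qhelp
+++ b/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.qhelp
@@ -6,12 +6,12 @@
 
 <overview>
 <p>External Control of File Name or Path, also called File Path Injection, is a vulnerability by which
-a file path is created using data from outside the application (such as the HTTP request, the database, or
-the filesystem). It allows an attacker to traverse through the filesystem and access arbitrary files.</p>
+a file path is created using data from outside the application (such as the HTTP request). It allows
+an attacker to traverse through the filesystem and access arbitrary files.</p>
 </overview>
 
 <recommendation>
-<p>Unsanitized user-provided data must not be used to construct the file path. In order to prevent File
+<p>Unsanitized user-provided data must not be used to construct file paths. In order to prevent File
 Path Injection, it is recommended to avoid concatenating user input directly into the file path. Instead,
 user input should be checked against allowed or disallowed paths (for example, the path must be within
 <code>/user_content/</code> or must not be within <code>/internal</code>), ensuring that neither path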

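--- a/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql
@@ -15,7 +15,7 @@ import java
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.PathCreation
 import JFinalController
-import PathSanitizer
+import experimental.semmle.code.java.PathSanitizer
 import DataFlow::PathGraph
 
 class InjectFilePathConfig extends TaintTracking::Configuration {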

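--- a/java/ql/src/experimental/Security/CWE/CWE-073/JFinalController.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-073/JFinalController.qll
@@ -22,23 +22,26 @@ class SetSessionAttributeMethod extends Method {
 }
 }
 
-/** The request attribute getter method of `JFinalController`. */
+/** A request attribute getter method of `JFinalController`. */
 class GetRequestAttributeMethod extends Method {
 GetRequestAttributeMethod() {
 this.getName().matches("getAttr%") and
 this.getDeclaringType().getASupertype*() instanceof JFinalController
 }
 }
 
-/** The request attribute setter method of `JFinalController`. */
+/** A request attribute setter method of `JFinalController`. */
 class SetRequestAttributeMethod extends Method {
 SetRequestAttributeMethod() {
 this.getName() = ["set", "setAttr"] and
 this.getDeclaringType().getASupertype*() instanceof JFinalController
 }
 }
 
-/** Value step from the setter call to the getter call of a session or request attribute. */
+/**
+* Value step from a setter call to a corresponding getter call relating to a
+* session or request attribute.
+*/
 private class SetToGetAttributeStep extends AdditionalValueStep {
 override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
 exists(MethodAccess gma, MethodAccess sma |
@@ -58,7 +61,7 @@ private class SetToGetAttributeStep extends AdditionalValueStep {
 }
 }
 
-/** Source model of remote flow source with `JFinal`. */
+/** Remote flow source models relating to `JFinal`. */
 private class JFinalControllerSource extends SourceModelCsv {
 override predicate row(string row) {
 row =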
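Review bot: The reworded QLDoc on `GetRequestAttributeMethod` and `SetRequestAttributeMethod` still describes the method as being "of `JFinalController`", but both characteristic predicates match on `this.getDeclaringType().getASupertype*() instanceof JFinalController`, so methods declared on any subclass of the controller qualify as well; the comment should say so, e.g. `/** A request attribute getter method declared on JFinalController or one of its subclasses. */` (and the same for the setter). The getter class also selects by name prefix (`matches("getAttr%")`) while the setter class uses an exact name list (`["set", "setAttr"]`); if the controller hierarchy exposes other `getAttr`-prefixed members that do not return an attribute value, they would be modelled as getters too, which is worth either a sentence in the QLDoc or an exact-name pattern to mirror the setter. `SetToGetAttributeStep` and `JFinalControllerSource` both continue past the end of their hunks, so the pairing logic between setter and getter calls is not visible here.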
