Skip to content

Commit 4bc10f9

Browse files
erik-krogherik-krogh
committed
explicitly import required frameworks that were previously implicitly imported
1 parent 14d83ab commit 4bc10f9

File tree

11 files changed

+14
-0
lines changed

11 files changed

+14
-0
lines changed

java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ import semmle.code.java.dataflow.DataFlow2
66
import semmle.code.java.dataflow.TaintTracking
77
import semmle.code.java.dataflow.TaintTracking3
88
import semmle.code.java.security.AndroidIntentRedirection
9+
private import semmle.code.java.frameworks.android.Intent
910

1011
/**
1112
* A taint tracking configuration for tainted Intents being used to start Android components.

java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ import semmle.code.java.dataflow.TaintTracking
1515
import semmle.code.java.dataflow.FlowSources
1616
import semmle.code.java.dataflow.ExternalFlow
1717
import DataFlow::PathGraph
18+
private import semmle.code.java.frameworks.Networking
1819

1920
class UrlConstructor extends ClassInstanceExpr {
2021
UrlConstructor() { this.getConstructor().getDeclaringType() instanceof TypeUrl }

java/ql/src/experimental/Security/CWE/CWE-073/JFinalController.qll

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
import java
22
private import semmle.code.java.dataflow.ExternalFlow
33
private import semmle.code.java.dataflow.FlowSources
4+
private import semmle.code.java.dataflow.FlowSteps
45

56
/** The class `com.jfinal.core.Controller`. */
67
class JFinalController extends RefType {

java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@
1111

1212
import java
1313
import SpringViewManipulationLib
14+
private import semmle.code.java.frameworks.Servlets
1415

1516
private predicate canResultInImplicitViewConversion(Method m) {
1617
m.getReturnType() instanceof VoidType

java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ import semmle.code.java.dataflow.FlowSources
77
import semmle.code.java.dataflow.TaintTracking
88
import semmle.code.java.frameworks.spring.Spring
99
import SpringFrameworkLib
10+
private import semmle.code.xml.MavenPom
1011

1112
/** Holds if `Thymeleaf` templating engine is used in the project. */
1213
predicate thymeleafIsUsed() {

java/ql/src/experimental/Security/CWE/CWE-200/AndroidFileIntentSource.qll

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@ import java
44
import semmle.code.java.dataflow.FlowSources
55
import semmle.code.java.dataflow.TaintTracking2
66
import semmle.code.java.frameworks.android.Android
7+
private import semmle.code.java.frameworks.android.Intent
78

89
/** The `startActivityForResult` method of Android's `Activity` class. */
910
class StartActivityForResultMethod extends Method {

java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,8 @@ import semmle.code.java.frameworks.Servlets
1515
import semmle.code.java.dataflow.TaintTracking
1616
import semmle.code.java.dataflow.TaintTracking2
1717
import DataFlow::PathGraph
18+
private import semmle.code.java.Collections
19+
private import semmle.code.java.Maps
1820

1921
/**
2022
* Holds if `header` sets `Access-Control-Allow-Credentials` to `true`. This ensures fair chances of exploitability.

java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@ import semmle.code.java.dataflow.TaintTracking
1717
import experimental.semmle.code.java.frameworks.Jsf
1818
import experimental.semmle.code.java.PathSanitizer
1919
import DataFlow::PathGraph
20+
private import semmle.code.java.frameworks.Servlets
2021

2122
class UnsafeUrlForwardFlowConfig extends TaintTracking::Configuration {
2223
UnsafeUrlForwardFlowConfig() { this = "UnsafeUrlForwardFlowConfig" }

java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,9 @@ private import semmle.code.java.dataflow.ExternalFlow
44
private import semmle.code.java.dataflow.FlowSources
55
private import semmle.code.java.dataflow.StringPrefixes
66
private import semmle.code.java.frameworks.javaee.ejb.EJBRestrictions
7+
private import semmle.code.java.frameworks.Servlets
8+
private import semmle.code.java.frameworks.spring.SpringWeb
9+
private import semmle.code.java.frameworks.spring.SpringController
710

811
/** A sink for unsafe URL forward vulnerabilities. */
912
abstract class UnsafeUrlForwardSink extends DataFlow::Node { }

java/ql/src/experimental/Security/CWE/CWE-598/SensitiveGetQuery.ql

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,7 @@ import semmle.code.java.dataflow.FlowSources
1414
import semmle.code.java.dataflow.TaintTracking
1515
import semmle.code.java.security.SensitiveActions
1616
import DataFlow::PathGraph
17+
private import semmle.code.java.frameworks.Servlets
1718

1819
/** A variable that holds sensitive information judging by its name. */
1920
class SensitiveInfoExpr extends Expr {

0 commit comments

Comments
 (0)