FilesExpand file tree

 main

/

UrlRedirect.qll

Copy path

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

26 lines (23 loc) · 824 Bytes

 main

/

UrlRedirect.qll

Top

File metadata and controls

• Code
• Blame

26 lines (23 loc) · 824 Bytes

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

/** Provides classes to reason about URL redirect attacks. */

import java

import semmle.code.java.dataflow.DataFlow

import semmle.code.java.frameworks.Servlets

/** A URL redirection sink */

abstract class UrlRedirectSink extends DataFlow::Node { }

/** A Servlet URL redirection sink. */

private class ServletUrlRedirectSink extends UrlRedirectSink {

ServletUrlRedirectSink() {

exists(MethodAccess ma |

ma.getMethod() instanceof HttpServletResponseSendRedirectMethod and

this.asExpr() = ma.getArgument(0)

)

or

exists(MethodAccess ma |

ma.getMethod() instanceof ResponseSetHeaderMethod or

ma.getMethod() instanceof ResponseAddHeaderMethod

|

ma.getArgument(0).(CompileTimeConstantExpr).getStringValue() = "Location" and

this.asExpr() = ma.getArgument(1)

)

}

}