
Commit 295e866

committed
Java: Simple support for Ratpack HTTP Framework
1 parent 5a9e098 commit 295e866


2 files changed

+63
-0
lines changed


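--- a/java/ql/src/semmle/code/java/dataflow/FlowSources.qll
+++ b/java/ql/src/semmle/code/java/dataflow/FlowSources.qll
@@ -18,6 +18,7 @@ import semmle.code.java.frameworks.JaxWS
 import semmle.code.java.frameworks.javase.WebSocket
 import semmle.code.java.frameworks.android.Android
 import semmle.code.java.frameworks.android.Intent
+import semmle.code.java.frameworks.ratpack.RatpackHttp
 import semmle.code.java.frameworks.spring.SpringWeb
 import semmle.code.java.frameworks.spring.SpringController
 import semmle.code.java.frameworks.spring.SpringWebClient
@@ -267,6 +268,9 @@ private class RemoteTaintedMethod extends Method {
 this instanceof SocketGetInputStreamMethod or
 this instanceof ApacheHttpGetParams or
 this instanceof ApacheHttpEntityGetContent or
+this instanceof RatpackHttpRequestGetMethod or
+this instanceof RatpackHttpTypedDataGetMethod or
+this instanceof RatpackUploadFileGetMethod or
 // In the setting of Android we assume that XML has been transmitted over
 // the network, so may be tainted.
 this instanceof XmlPullGetMethod or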
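--- /dev/null
+++ b/<NEW-FILE-PATH-NOT-SHOWN-ON-PAGE>
@@ -0,0 +1,59 @@
+/**
+* Provides classes and predicates related to `ratpack.http.*`.
+*/
+
+import java
+
+/**
+* The interface `ratpack.http.Request`.
+* https://ratpack.io/manual/current/api/ratpack/http/Request.html
+*/
+library class RatpackRequest extends RefType {
+RatpackRequest() { hasQualifiedName("ratpack.http", "Request") }
+}
+
+/**
+* Methods on `ratpack.http.Request` that return user tainted data.
+*/
+library class RatpackHttpRequestGetMethod extends Method {
+RatpackHttpRequestGetMethod() {
+getDeclaringType() instanceof RatpackRequest and
+hasName([
+"getContentLength", "getCookies", "getHeaders", "getPath", "getQuery", "getQueryParams",
+"getRawUri", "getUri"
+])
+}
+}
+
+/**
+* The interface `ratpack.http.TypedData`.
+* https://ratpack.io/manual/current/api/ratpack/http/TypedData.html
+*/
+library class RatpackTypedData extends RefType {
+RatpackTypedData() { hasQualifiedName("ratpack.http", "TypedData") }
+}
+
+/**
+* Methods on `ratpack.http.TypedData` that return user tainted data.
+*/
+library class RatpackHttpTypedDataGetMethod extends Method {
+RatpackHttpTypedDataGetMethod() {
+getDeclaringType() instanceof RatpackTypedData and
+hasName(["getBuffer", "getBytes", "getContentType", "getInputStream", "getText"])
+}
+}
+
+/**
+* The interface `ratpack.form.UploadedFile`.
+* https://ratpack.io/manual/current/api/ratpack/form/UploadedFile.html
+*/
+library class RatpackUploadFile extends RefType {
+RatpackUploadFile() { hasQualifiedName("ratpack.form", "UploadedFile") }
+}
+
+library class RatpackUploadFileGetMethod extends Method {
+RatpackUploadFileGetMethod() {
+getDeclaringType() instanceof RatpackUploadFile and
+hasName("getFileName")
+}
+}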
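Review bot: `RatpackUploadFileGetMethod` is the only class in this new file without a QLDoc comment; give it one mirroring its siblings, e.g. `/** Methods on ratpack.form.UploadedFile that return user tainted data. */`, so the source class reads the same way as `RatpackHttpRequestGetMethod` and `RatpackHttpTypedDataGetMethod`. The file-level comment under-describes the file now that it also models `ratpack.form.UploadedFile`; `* Provides classes and predicates related to ratpack.http.* and ratpack.form.UploadedFile.` would be accurate. The declaring-type checks are exact matches, so if `UploadedFile` extends `TypedData` (which the linked Ratpack API documentation indicates), calls to the inherited `getText`/`getBytes` accessors that resolve against the subtype would presumably be missed; `getDeclaringType().getASourceSupertype*() instanceof RatpackTypedData` would cover that and is worth confirming with a test. As a naming point, `RatpackUploadFile` does not match the interface name `UploadedFile`; `RatpackUploadedFile` would be more consistent with the other wrapper classes.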
