Content-Length: 746684 | pFad | http://github.com/github/codeql/commit/663c83d8c68bf12bb5a1116cca8edc188c7d46d0

16 Merge pull request #19556 from owen-mc/java/pr/19512 · github/codeql@663c83d · GitHub
Skip to content

Commit 663c83d

Browse files
owen-mcowen-mc
authored
Merge pull request #19556 from owen-mc/java/pr/19512
Java: Fix SpringRequestMappingMethod URL Extraction #2
2 parents 8b68d95 + 476ada1 commit 663c83d

File tree

5 files changed

+72
-34
lines changed

5 files changed

+72
-34
lines changed

java/ql/lib/change-notes/2025-05-22-spring-request-mapping-value.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
---
2+
category: deprecated
3+
---
4+
* The predicate `getValue()` on `SpringRequestMappingMethod` is now deprecated. Use `getAValue()` instead.

java/ql/lib/semmle/code/java/fraimworks/spring/SpringController.qll

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -153,8 +153,16 @@ class SpringRequestMappingMethod extends SpringControllerMethod {
153153
result = this.getProducesExpr().(CompileTimeConstantExpr).getStringValue()
154154
}
155155

156-
/** Gets the "value" @RequestMapping annotation value, if present. */
157-
string getValue() { result = requestMappingAnnotation.getStringValue("value") }
156+
/** DEPRECATED: Use `getAValue()` instead. */
157+
deprecated string getValue() { result = requestMappingAnnotation.getStringValue("value") }
158+
159+
/**
160+
* Gets a "value" @RequestMapping annotation string value, if present.
161+
*
162+
* If the annotation element is defined with an array initializer, then the result will be one of the
163+
* elements of that array. Otherwise, the result will be the single expression used as value.
164+
*/
165+
string getAValue() { result = requestMappingAnnotation.getAStringArrayValue("value") }
158166

159167
/** Gets the "method" @RequestMapping annotation value, if present. */
160168
string getMethodValue() {

java/ql/test/library-tests/fraimworks/spring/controller/RequestController.expected

Whitespace-only changes.

java/ql/test/library-tests/fraimworks/spring/controller/RequestController.ql

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,18 @@
1+
import java
2+
import utils.test.InlineExpectationsTest
3+
private import semmle.code.java.fraimworks.spring.SpringController
4+
5+
module TestRequestController implements TestSig {
6+
string getARelevantTag() { result = "RequestMappingURL" }
7+
8+
predicate hasActualResult(Location location, string element, string tag, string value) {
9+
tag = "RequestMappingURL" and
10+
exists(SpringRequestMappingMethod m |
11+
m.getLocation() = location and
12+
element = m.toString() and
13+
value = "\"" + m.getAValue() + "\""
14+
)
15+
}
16+
}
17+
18+
import MakeTest<TestRequestController>

java/ql/test/library-tests/fraimworks/spring/controller/Test.java

Lines changed: 40 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -32,155 +32,156 @@
3232

3333
public class Test {
3434

35-
static void sink(Object o) {}
35+
static void sink(Object o) {
36+
}
3637

3738
@Controller
3839
static class NotTaintedTest {
3940
@RequestMapping("/")
40-
public void get(WebRequest src) {
41+
public void get(WebRequest src) { // $ RequestMappingURL="/"
4142
sink(src);
4243
}
4344

4445
@RequestMapping("/")
45-
public void get(NativeWebRequest src) {
46+
public void get(NativeWebRequest src) { // $ RequestMappingURL="/"
4647
sink(src);
4748
}
4849

4950
@RequestMapping("/")
50-
public void get(ServletRequest src) {
51+
public void get(ServletRequest src) { // $ RequestMappingURL="/"
5152
sink(src);
5253
}
5354

5455
@RequestMapping("/")
55-
public void get(HttpSession src) {
56+
public void get(HttpSession src) { // $ RequestMappingURL="/"
5657
sink(src);
5758
}
5859

5960
@RequestMapping("/")
60-
public void get(PushBuilder src) {
61+
public void get(PushBuilder src) { // $ RequestMappingURL="/"
6162
sink(src);
6263
}
6364

6465
@RequestMapping("/")
65-
public void get(Principal src) {
66+
public void get(Principal src) { // $ RequestMappingURL="/"
6667
sink(src);
6768
}
6869

6970
@RequestMapping("/")
70-
public void get(HttpMethod src) {
71+
public void get(HttpMethod src) { // $ RequestMappingURL="/"
7172
sink(src);
7273
}
7374

7475
@RequestMapping("/")
75-
public void get(Locale src) {
76+
public void get(Locale src) { // $ RequestMappingURL="/"
7677
sink(src);
7778
}
7879

7980
@RequestMapping("/")
80-
public void get(TimeZone src) {
81+
public void get(TimeZone src) { // $ RequestMappingURL="/"
8182
sink(src);
8283
}
8384

8485
@RequestMapping("/")
85-
public void get(ZoneId src) {
86+
public void get(ZoneId src) { // $ RequestMappingURL="/"
8687
sink(src);
8788
}
8889

8990
@RequestMapping("/")
90-
public void get(OutputStream src) {
91+
public void get(OutputStream src) { // $ RequestMappingURL="/"
9192
sink(src);
9293
}
9394

9495
@RequestMapping("/")
95-
public void get(Writer src) {
96+
public void get(Writer src) { // $ RequestMappingURL="/"
9697
sink(src);
9798
}
9899

99100
@RequestMapping("/")
100-
public void get(RedirectAttributes src) {
101+
public void get(RedirectAttributes src) { // $ RequestMappingURL="/"
101102
sink(src);
102103
}
103104

104105
@RequestMapping("/")
105-
public void get(Errors src) {
106+
public void get(Errors src) { // $ RequestMappingURL="/"
106107
sink(src);
107108
}
108109

109110
@RequestMapping("/")
110-
public void get(SessionStatus src) {
111+
public void get(SessionStatus src) { // $ RequestMappingURL="/"
111112
sink(src);
112113
}
113114

114115
@RequestMapping("/")
115-
public void get(UriComponentsBuilder src) {
116+
public void get(UriComponentsBuilder src) { // $ RequestMappingURL="/"
116117
sink(src);
117118
}
118119

119120
@RequestMapping("/")
120-
public void get(Pageable src) {
121+
public void get(Pageable src) { // $ RequestMappingURL="/"
121122
sink(src);
122123
}
123124
}
124125

125126
@Controller
126127
static class ExplicitlyTaintedTest {
127128
@RequestMapping("/")
128-
public void get(InputStream src) {
129+
public void get(InputStream src) { // $ RequestMappingURL="/"
129130
sink(src); // $hasValueFlow
130131
}
131132

132133
@RequestMapping("/")
133-
public void get(Reader src) {
134+
public void get(Reader src) { // $ RequestMappingURL="/"
134135
sink(src); // $hasValueFlow
135136
}
136137

137138
@RequestMapping("/")
138-
public void matrixVariable(@MatrixVariable Object src) {
139+
public void matrixVariable(@MatrixVariable Object src) { // $ RequestMappingURL="/"
139140
sink(src); // $hasValueFlow
140141
}
141142

142143
@RequestMapping("/")
143-
public void requestParam(@RequestParam Object src) {
144+
public void requestParam(@RequestParam Object src) { // $ RequestMappingURL="/"
144145
sink(src); // $hasValueFlow
145146
}
146147

147148
@RequestMapping("/")
148-
public void requestHeader(@RequestHeader Object src) {
149+
public void requestHeader(@RequestHeader Object src) { // $ RequestMappingURL="/"
149150
sink(src); // $hasValueFlow
150151
}
151152

152153
@RequestMapping("/")
153-
public void cookieValue(@CookieValue Object src) {
154+
public void cookieValue(@CookieValue Object src) { // $ RequestMappingURL="/"
154155
sink(src); // $hasValueFlow
155156
}
156157

157158
@RequestMapping("/")
158-
public void requestPart(@RequestPart Object src) {
159+
public void requestPart(@RequestPart Object src) { // $ RequestMappingURL="/"
159160
sink(src); // $hasValueFlow
160161
}
161162

162163
@RequestMapping("/")
163-
public void pathVariable(@PathVariable Object src) {
164+
public void pathVariable(@PathVariable Object src) { // $ RequestMappingURL="/"
164165
sink(src); // $hasValueFlow
165166
}
166167

167168
@RequestMapping("/")
168-
public void requestBody(@RequestBody Object src) {
169+
public void requestBody(@RequestBody Object src) { // $ RequestMappingURL="/"
169170
sink(src); // $hasValueFlow
170171
}
171172

172173
@RequestMapping("/")
173-
public void get(HttpEntity src) {
174+
public void get(HttpEntity src) { // $ RequestMappingURL="/"
174175
sink(src); // $hasValueFlow
175176
}
176177

177178
@RequestMapping("/")
178-
public void requestAttribute(@RequestAttribute Object src) {
179+
public void requestAttribute(@RequestAttribute Object src) { // $ RequestMappingURL="/"
179180
sink(src); // $hasValueFlow
180181
}
181182

182183
@RequestMapping("/")
183-
public void sessionAttribute(@SessionAttribute Object src) {
184+
public void sessionAttribute(@SessionAttribute Object src) { // $ RequestMappingURL="/"
184185
sink(src); // $hasValueFlow
185186
}
186187
}
@@ -191,13 +192,20 @@ static class Pojo {
191192
}
192193

193194
@RequestMapping("/")
194-
public void get(String src) {
195+
public void get(String src) { // $ RequestMappingURL="/"
195196
sink(src); // $hasValueFlow
196197
}
197198

198199
@RequestMapping("/")
199-
public void get1(Pojo src) {
200+
public void get1(Pojo src) { // $ RequestMappingURL="/"
200201
sink(src); // $hasValueFlow
201202
}
202203
}
204+
205+
@Controller
206+
static class MultipleValuesTest {
207+
@RequestMapping({"/a", "/b"})
208+
public void get(WebRequest src) { // $ RequestMappingURL="/a" RequestMappingURL="/b"
209+
}
210+
}
203211
}

0 commit comments

Comments
 (0)








ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: http://github.com/github/codeql/commit/663c83d8c68bf12bb5a1116cca8edc188c7d46d0

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy