Skip to content

Commit 5b79094

Browse files
tamasvajktamasvajk
committed
Fix naming in HTTPS URL check
1 parent e08b629 commit 5b79094

File tree

1 file changed

+10
-10
lines changed

1 file changed

+10
-10
lines changed

java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -15,8 +15,8 @@ import semmle.code.java.frameworks.Networking
1515
import DataFlow::PathGraph
1616
private import semmle.code.java.dataflow.ExternalFlow
1717

18-
class HTTPString extends StringLiteral {
19-
HTTPString() {
18+
class HttpString extends StringLiteral {
19+
HttpString() {
2020
// Avoid matching "https" here.
2121
exists(string s | this.getRepresentedString() = s |
2222
(
@@ -31,12 +31,12 @@ class HTTPString extends StringLiteral {
3131
}
3232
}
3333

34-
class HTTPStringToURLOpenMethodFlowConfig extends TaintTracking::Configuration {
35-
HTTPStringToURLOpenMethodFlowConfig() { this = "HttpsUrls::HTTPStringToURLOpenMethodFlowConfig" }
34+
class HttpStringToUrlOpenMethodFlowConfig extends TaintTracking::Configuration {
35+
HttpStringToUrlOpenMethodFlowConfig() { this = "HttpsUrls::HttpStringToUrlOpenMethodFlowConfig" }
3636

37-
override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof HTTPString }
37+
override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof HttpString }
3838

39-
override predicate isSink(DataFlow::Node sink) { sink instanceof URLOpenSink }
39+
override predicate isSink(DataFlow::Node sink) { sink instanceof UrlOpenSink }
4040

4141
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
4242
exists(UrlConstructorCall u |
@@ -53,14 +53,14 @@ class HTTPStringToURLOpenMethodFlowConfig extends TaintTracking::Configuration {
5353
/**
5454
* A sink that represents a URL opening method call, such as a call to `java.net.URL.openConnection()`.
5555
*/
56-
private class URLOpenSink extends DataFlow::Node {
57-
URLOpenSink() { sinkNode(this, "open-url") }
56+
private class UrlOpenSink extends DataFlow::Node {
57+
UrlOpenSink() { sinkNode(this, "open-url") }
5858
}
5959

60-
from DataFlow::PathNode source, DataFlow::PathNode sink, MethodAccess m, HTTPString s
60+
from DataFlow::PathNode source, DataFlow::PathNode sink, MethodAccess m, HttpString s
6161
where
6262
source.getNode().asExpr() = s and
6363
sink.getNode().asExpr() = m.getQualifier() and
64-
any(HTTPStringToURLOpenMethodFlowConfig c).hasFlowPath(source, sink)
64+
any(HttpStringToUrlOpenMethodFlowConfig c).hasFlowPath(source, sink)
6565
select m, source, sink, "URL may have been constructed with HTTP protocol, using $@.", s,
6666
"this source"

0 commit comments

Comments
 (0)