fix(java): Update JSP queries to fix bug

GeekMasher · GeekMasher · commit ec50ef9bbcbd · 2024-06-06T12:52:26.000+01:00
diff --git a/java/src/audit/CWE-079/XSSJSPLenient.ql b/java/src/audit/CWE-079/XSSJSPLenient.ql
@@ -151,8 +151,6 @@ module LiteralConfig {
   }
 
   module LiteralFlow = TaintTracking::Global<LiteralConfig>;
-
-  import LiteralFlow::PathGraph
 }
 
 module ContextFlow {
@@ -165,8 +163,6 @@ module ContextFlow {
   }
 
   module ContextFlow = TaintTracking::Global<ContextFlowConfig>;
-
-  import ContextFlow::PathGraph
 }
 
 class RedirectToJsp extends ReturnStmt {
@@ -183,6 +179,8 @@ class RedirectToJsp extends ReturnStmt {
   File getJspFile() { result = jsp }
 }
 
+import Xss::XssFlow::PathGraph
+
 from Xss::XssFlow::PathNode source, Xss::XssFlow::PathNode sink, JSPTaintStep jspts
 where
   Xss::XssFlow::flowPath(source, sink) and
diff --git a/java/src/security/CWE-079/XSSJSP.ql b/java/src/security/CWE-079/XSSJSP.ql
@@ -68,8 +68,6 @@ module LiteralConfig {
   }
 
   module LiteralFlow = TaintTracking::Global<LiteralConfig>;
-
-  import LiteralFlow::PathGraph
 }
 
 class RedirectToJsp extends ReturnStmt {
@@ -86,6 +84,8 @@ class RedirectToJsp extends ReturnStmt {
   File getJspFile() { result = jsp }
 }
 
+import Xss::XssFlow::PathGraph
+
 from Xss::XssFlow::PathNode source, Xss::XssFlow::PathNode sink, JSPTaintStep jspts
 where
   Xss::XssFlow::flowPath(source, sink) and

Original file line number	Diff line number	Diff line change
`@@ -151,8 +151,6 @@ module LiteralConfig {`
`151`	`151`	`}`
`152`	`152`
`153`	`153`	`module LiteralFlow = TaintTracking::Global<LiteralConfig>;`
`154`		`-`
`155`		`- import LiteralFlow::PathGraph`
`156`	`154`	`}`
`157`	`155`
`158`	`156`	`module ContextFlow {`
`@@ -165,8 +163,6 @@ module ContextFlow {`
`165`	`163`	`}`
`166`	`164`
`167`	`165`	`module ContextFlow = TaintTracking::Global<ContextFlowConfig>;`
`168`		`-`
`169`		`- import ContextFlow::PathGraph`
`170`	`166`	`}`
`171`	`167`
`172`	`168`	`class RedirectToJsp extends ReturnStmt {`
`@@ -183,6 +179,8 @@ class RedirectToJsp extends ReturnStmt {`
`183`	`179`	`File getJspFile() { result = jsp }`
`184`	`180`	`}`
`185`	`181`
	`182`	`+import Xss::XssFlow::PathGraph`
	`183`	`+`
`186`	`184`	`from Xss::XssFlow::PathNode source, Xss::XssFlow::PathNode sink, JSPTaintStep jspts`
`187`	`185`	`where`
`188`	`186`	`Xss::XssFlow::flowPath(source, sink) and`
Original file line number	Diff line number	Diff line change
`@@ -68,8 +68,6 @@ module LiteralConfig {`
`68`	`68`	`}`
`69`	`69`
`70`	`70`	`module LiteralFlow = TaintTracking::Global<LiteralConfig>;`
`71`		`-`
`72`		`- import LiteralFlow::PathGraph`
`73`	`71`	`}`
`74`	`72`
`75`	`73`	`class RedirectToJsp extends ReturnStmt {`
`@@ -86,6 +84,8 @@ class RedirectToJsp extends ReturnStmt {`
`86`	`84`	`File getJspFile() { result = jsp }`
`87`	`85`	`}`
`88`	`86`
	`87`	`+import Xss::XssFlow::PathGraph`
	`88`	`+`
`89`	`89`	`from Xss::XssFlow::PathNode source, Xss::XssFlow::PathNode sink, JSPTaintStep jspts`
`90`	`90`	`where`
`91`	`91`	`Xss::XssFlow::flowPath(source, sink) and`