Skip to content

Commit 0e2c5db

Browse files
JLLeitschuhaschackmull
JLLeitschuh
and
aschackmull
authored
Netty Response Splitting use CompileTimeConstantExpr
Co-Authored-By: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
1 parent b218374 commit 0e2c5db

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,14 +18,14 @@ abstract private class InsecureNettyObjectCreation extends ClassInstanceExpr { }
1818
private class InsecureDefaultHttpHeadersClassInstantiation extends InsecureNettyObjectCreation {
1919
InsecureDefaultHttpHeadersClassInstantiation() {
2020
getConstructedType().hasQualifiedName("io.netty.handler.codec.http", "DefaultHttpHeaders") and
21-
getArgument(0).getProperExpr().(BooleanLiteral).getBooleanValue() = false
21+
getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = false
2222
}
2323
}
2424

2525
private class InsecureDefaultHttpResponseClassInstantiation extends InsecureNettyObjectCreation {
2626
InsecureDefaultHttpResponseClassInstantiation() {
2727
getConstructedType().hasQualifiedName("io.netty.handler.codec.http", "DefaultHttpResponse") and
28-
getArgument(2).getProperExpr().(BooleanLiteral).getBooleanValue() = false
28+
getArgument(2).(CompileTimeConstantExpr).getBooleanValue() = false
2929
}
3030
}
3131

0 commit comments

Comments
 (0)