Java: Model Spring @responsebody methods.

lcartey · lcartey · commit 1d1234093f2a · 2020-06-16T09:50:33.000+01:00
diff --git a/java/ql/src/semmle/code/java/frameworks/spring/SpringController.qll b/java/ql/src/semmle/code/java/frameworks/spring/SpringController.qll
@@ -3,7 +3,7 @@ import semmle.code.java.Maps
 import SpringWeb
 
 /**
- * An annotation type that identifies Spring components.
+ * An annotation type that identifies Spring controllers.
  */
 class SpringControllerAnnotation extends AnnotationType {
   SpringControllerAnnotation() {
@@ -15,13 +15,31 @@ class SpringControllerAnnotation extends AnnotationType {
   }
 }
 
+/**
+ * An annotation type that identifies Spring rest controllers.
+ *
+ * Rest controllers are the same as controllers, but imply the @ResponseBody annotation.
+ */
+class SpringRestControllerAnnotation extends SpringControllerAnnotation {
+  SpringRestControllerAnnotation() {
+    hasName("RestController")
+  }
+}
+
 /**
  * A class annotated, directly or indirectly, as a Spring `Controller`.
  */
 class SpringController extends Class {
   SpringController() { getAnAnnotation().getType() instanceof SpringControllerAnnotation }
 }
 
+/**
+ * A class annotated, directly or indirectly, as a Spring `RestController`.
+ */
+class SpringRestController extends SpringController {
+  SpringRestController() { getAnAnnotation().getType() instanceof SpringRestControllerAnnotation }
+}
+
 /**
  * A method on a Spring controller which is accessed by the Spring MVC framework.
  */
@@ -73,6 +91,16 @@ class SpringRequestMappingAnnotationType extends AnnotationType {
   }
 }
 
+/**
+ * An `AnnotationType` which is used to indicate a `ResponseBody`.
+ */
+class SpringResponseBodyAnnotationType extends AnnotationType {
+  SpringResponseBodyAnnotationType() {
+    // `@ResponseBody` used directly as an annotation.
+    hasQualifiedName("org.springframework.web.bind.annotation", "ResponseBody")
+  }
+}
+
 /**
  * A method on a Spring controller that is executed in response to a web request.
  */
@@ -91,6 +119,15 @@ class SpringRequestMappingMethod extends SpringControllerMethod {
   SpringRequestMappingParameter getARequestParameter() {
     result = getAParameter()
   }
+
+  /** Holds if this is considered an @ResponseBody method. */
+  predicate isResponseBody() {
+    getAnAnnotation().getType() instanceof SpringResponseBodyAnnotationType
+    or
+    getDeclaringType().getAnAnnotation().getType() instanceof SpringResponseBodyAnnotationType
+    or
+    getDeclaringType() instanceof SpringRestController
+  }
 }
 
 /** A Spring framework annotation indicating remote user input from servlets. */
