Add query for Struts and Spring actions

luchua-bc · luchua-bc · commit dc799019d0a2 · 2021-02-20T03:36:21.000Z
diff --git a/java/ql/src/experimental/Security/CWE/CWE-489/ServletMain.ql b/java/ql/src/experimental/Security/CWE/CWE-489/ServletMain.ql
@@ -1,16 +1,16 @@
 /**
- * @name Main Method in Servlet
+ * @name Main Method in Java EE Web Components
  * @description Jave EE web applications with a main method.
  * @kind problem
- * @id java/main-method-in-servlet
+ * @id java/main-method-in-web-components
  * @tags security
  *       external/cwe-489
  */
 
 import java
 import semmle.code.java.frameworks.Servlets
 
-/** The java type `javax.servlet.Filter` */
+/** The java type `javax.servlet.Filter`. */
 class ServletFilterClass extends Class {
   ServletFilterClass() { this.getASupertype*().hasQualifiedName("javax.servlet", "Filter") }
 }
@@ -33,7 +33,19 @@ class ServletMainMethod extends Method {
     (
       this.getDeclaringType() instanceof ServletClass or
       this.getDeclaringType() instanceof ServletFilterClass or
-      this.getDeclaringType() instanceof ServletListenerClass
+      this.getDeclaringType() instanceof ServletListenerClass or
+      this.getDeclaringType()
+          .getASupertype*()
+          .hasQualifiedName("org.apache.struts.action", "Action") or // Struts actions
+      this.getDeclaringType()
+          .getASupertype+()
+          .hasQualifiedName("com.opensymphony.xwork2", "ActionSupport") or // Struts 2 actions
+      this.getDeclaringType()
+          .getASupertype+()
+          .hasQualifiedName("org.springframework.web.struts", "ActionSupport") or // Spring/Struts 2 actions
+      this.getDeclaringType()
+          .getASupertype+()
+          .hasQualifiedName("org.springframework.webflow.execution", "Action") // Spring actions
     ) and
     this.hasName("main") and
     this.isStatic() and
