Add the constraint that the caller method must throw an exception

luchua-bc · luchua-bc · commit dcb7324643d5 · 2020-11-11T16:47:53.000Z
diff --git a/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql b/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql
@@ -48,9 +48,10 @@ class UncaughtServletExceptionSink extends DataFlow::ExprNode {
   UncaughtServletExceptionSink() {
     exists(Method m, MethodAccess ma | ma.getMethod() = m |
       isServletMethod(ma.getEnclosingCallable()) and
+      exists(m.getAThrownExceptionType()) and // The called method might plausibly throw an exception.
       ma.getAnArgument() = this.getExpr() and
       not exists(TryStmt t |
-        t.getBlock() = ma.getEnclosingStmt().getEnclosingStmt*() and
+        t.getBlock() = ma.getAnEnclosingStmt() and
         exceptionIsCaught(t, m.getAThrownExceptionType())
       )
     )

Original file line number	Diff line number	Diff line change
`@@ -48,9 +48,10 @@ class UncaughtServletExceptionSink extends DataFlow::ExprNode {`
`48`	`48`	`UncaughtServletExceptionSink() {`
`49`	`49`	`exists(Method m, MethodAccess ma \| ma.getMethod() = m \|`
`50`	`50`	`isServletMethod(ma.getEnclosingCallable()) and`
	`51`	`+ exists(m.getAThrownExceptionType()) and // The called method might plausibly throw an exception.`
`51`	`52`	`ma.getAnArgument() = this.getExpr() and`
`52`	`53`	`not exists(TryStmt t \|`
`53`		`- t.getBlock() = ma.getEnclosingStmt().getEnclosingStmt*() and`
	`54`	`+ t.getBlock() = ma.getAnEnclosingStmt() and`
`54`	`55`	`exceptionIsCaught(t, m.getAThrownExceptionType())`
`55`	`56`	`)`
`56`	`57`	`)`