github
diff --git a/‎java/ql/lib/semmle/code/java/frameworks/spring/SpringBoot.qll
Lines changed: 5 additions & 5 deletions b/‎java/ql/lib/semmle/code/java/frameworks/spring/SpringBoot.qll
Lines changed: 5 additions & 5 deletions
diff --git a/‎java/ql/lib/semmle/code/java/frameworks/spring/SpringSecurity.qll
Lines changed: 30 additions & 30 deletions b/‎java/ql/lib/semmle/code/java/frameworks/spring/SpringSecurity.qll
Lines changed: 30 additions & 30 deletions
diff --git a/‎java/ql/lib/semmle/code/java/security/SpringBootActuatorsQuery.qll
Lines changed: 14 additions & 14 deletions b/‎java/ql/lib/semmle/code/java/security/SpringBootActuatorsQuery.qll
Lines changed: 14 additions & 14 deletions
diff --git a/‎java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql
Lines changed: 1 addition & 1 deletion b/‎java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql
Lines changed: 1 addition & 1 deletion
@@ -8,17 +8,17 @@ import java
 /**
  * The class `org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest`.
  */
-class TypeEndpointRequest extends Class {
-  TypeEndpointRequest() {
+class SpringEndpointRequest extends Class {
+  SpringEndpointRequest() {
     this.hasQualifiedName("org.springframework.boot.actuate.autoconfigure.security.servlet",
       "EndpointRequest")
   }
 }
 
 /** A call to `EndpointRequest.toAnyEndpoint` method. */
-class ToAnyEndpointCall extends MethodCall {
-  ToAnyEndpointCall() {
+class SpringToAnyEndpointCall extends MethodCall {
+  SpringToAnyEndpointCall() {
     this.getMethod().hasName("toAnyEndpoint") and
-    this.getMethod().getDeclaringType() instanceof TypeEndpointRequest
+    this.getMethod().getDeclaringType() instanceof SpringEndpointRequest
   }
 }
@@ -6,8 +6,8 @@
 import java
 
 /** The class `org.springframework.security.config.annotation.web.builders.HttpSecurity`. */
-class TypeHttpSecurity extends Class {
-  TypeHttpSecurity() {
+class SpringHttpSecurity extends Class {
+  SpringHttpSecurity() {
     this.hasQualifiedName("org.springframework.security.config.annotation.web.builders",
       "HttpSecurity")
   }
@@ -19,8 +19,8 @@ class TypeHttpSecurity extends Class {
  * or the class
  * `org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer$AuthorizedUrl`.
  */
-class TypeAuthorizedUrl extends Class {
-  TypeAuthorizedUrl() {
+class SpringAuthorizedUrl extends Class {
+  SpringAuthorizedUrl() {
     this.hasQualifiedName("org.springframework.security.config.annotation.web.configurers",
       [
         "ExpressionUrlAuthorizationConfigurer<HttpSecurity>$AuthorizedUrl<>",
@@ -32,8 +32,8 @@ class TypeAuthorizedUrl extends Class {
 /**
  * The class `org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry`.
  */
-class TypeAbstractRequestMatcherRegistry extends Class {
-  TypeAbstractRequestMatcherRegistry() {
+class SpringAbstractRequestMatcherRegistry extends Class {
+  SpringAbstractRequestMatcherRegistry() {
     this.hasQualifiedName("org.springframework.security.config.annotation.web",
       "AbstractRequestMatcherRegistry<AuthorizedUrl<>>")
   }
@@ -45,10 +45,10 @@ class TypeAbstractRequestMatcherRegistry extends Class {
  * Note: this method is deprecated and scheduled for removal
  * in Spring Security 7.0.
  */
-class AuthorizeRequestsCall extends MethodCall {
-  AuthorizeRequestsCall() {
+class SpringAuthorizeRequestsCall extends MethodCall {
+  SpringAuthorizeRequestsCall() {
     this.getMethod().hasName("authorizeRequests") and
-    this.getMethod().getDeclaringType() instanceof TypeHttpSecurity
+    this.getMethod().getDeclaringType() instanceof SpringHttpSecurity
   }
 }
 
@@ -58,10 +58,10 @@ class AuthorizeRequestsCall extends MethodCall {
  * Note: the no-argument version of this method is deprecated
  * and scheduled for removal in Spring Security 7.0.
  */
-class AuthorizeHttpRequestsCall extends MethodCall {
-  AuthorizeHttpRequestsCall() {
+class SpringAuthorizeHttpRequestsCall extends MethodCall {
+  SpringAuthorizeHttpRequestsCall() {
     this.getMethod().hasName("authorizeHttpRequests") and
-    this.getMethod().getDeclaringType() instanceof TypeHttpSecurity
+    this.getMethod().getDeclaringType() instanceof SpringHttpSecurity
   }
 }
 
@@ -71,10 +71,10 @@ class AuthorizeHttpRequestsCall extends MethodCall {
  * Note: this method was removed in Spring Security 6.0.
  * It was replaced by `securityMatcher`.
  */
-class RequestMatcherCall extends MethodCall {
-  RequestMatcherCall() {
+class SpringRequestMatcherCall extends MethodCall {
+  SpringRequestMatcherCall() {
     this.getMethod().hasName("requestMatcher") and
-    this.getMethod().getDeclaringType() instanceof TypeHttpSecurity
+    this.getMethod().getDeclaringType() instanceof SpringHttpSecurity
   }
 }
 
@@ -84,41 +84,41 @@ class RequestMatcherCall extends MethodCall {
  * Note: this method was removed in Spring Security 6.0.
  * It was replaced by `securityMatchers`.
  */
-class RequestMatchersCall extends MethodCall {
-  RequestMatchersCall() {
+class SpringRequestMatchersCall extends MethodCall {
+  SpringRequestMatchersCall() {
     this.getMethod().hasName("requestMatchers") and
-    this.getMethod().getDeclaringType() instanceof TypeHttpSecurity
+    this.getMethod().getDeclaringType() instanceof SpringHttpSecurity
   }
 }
 
 /** A call to the `HttpSecurity.securityMatcher` method. */
-class SecurityMatcherCall extends MethodCall {
-  SecurityMatcherCall() {
+class SpringSecurityMatcherCall extends MethodCall {
+  SpringSecurityMatcherCall() {
     this.getMethod().hasName("securityMatcher") and
-    this.getMethod().getDeclaringType() instanceof TypeHttpSecurity
+    this.getMethod().getDeclaringType() instanceof SpringHttpSecurity
   }
 }
 
 /** A call to the `HttpSecurity.securityMatchers` method. */
-class SecurityMatchersCall extends MethodCall {
-  SecurityMatchersCall() {
+class SpringSecurityMatchersCall extends MethodCall {
+  SpringSecurityMatchersCall() {
     this.getMethod().hasName("securityMatchers") and
-    this.getMethod().getDeclaringType() instanceof TypeHttpSecurity
+    this.getMethod().getDeclaringType() instanceof SpringHttpSecurity
   }
 }
 
 /** A call to the `AuthorizedUrl.permitAll` method. */
-class PermitAllCall extends MethodCall {
-  PermitAllCall() {
+class SpringPermitAllCall extends MethodCall {
+  SpringPermitAllCall() {
     this.getMethod().hasName("permitAll") and
-    this.getMethod().getDeclaringType() instanceof TypeAuthorizedUrl
+    this.getMethod().getDeclaringType() instanceof SpringAuthorizedUrl
   }
 }
 
 /** A call to the `AbstractRequestMatcherRegistry.anyRequest` method. */
-class AnyRequestCall extends MethodCall {
-  AnyRequestCall() {
+class SpringAnyRequestCall extends MethodCall {
+  SpringAnyRequestCall() {
     this.getMethod().hasName("anyRequest") and
-    this.getMethod().getDeclaringType() instanceof TypeAbstractRequestMatcherRegistry
+    this.getMethod().getDeclaringType() instanceof SpringAbstractRequestMatcherRegistry
   }
 }
@@ -11,10 +11,10 @@ private import semmle.code.java.frameworks.spring.SpringBoot
 private class HttpSecurityMatcherCall extends MethodCall {
   HttpSecurityMatcherCall() {
     (
-      this instanceof RequestMatcherCall or
-      this instanceof SecurityMatcherCall
+      this instanceof SpringRequestMatcherCall or
+      this instanceof SpringSecurityMatcherCall
     ) and
-    this.getArgument(0) instanceof ToAnyEndpointCall
+    this.getArgument(0) instanceof SpringToAnyEndpointCall
   }
 }
 
@@ -25,10 +25,10 @@ private class HttpSecurityMatcherCall extends MethodCall {
 private class HttpSecurityMatchersCall extends MethodCall {
   HttpSecurityMatchersCall() {
     (
-      this instanceof RequestMatchersCall or
-      this instanceof SecurityMatchersCall
+      this instanceof SpringRequestMatchersCall or
+      this instanceof SpringSecurityMatchersCall
     ) and
-    this.getArgument(0).(LambdaExpr).getExprBody() instanceof ToAnyEndpointCall
+    this.getArgument(0).(LambdaExpr).getExprBody() instanceof SpringToAnyEndpointCall
   }
 }
 
@@ -39,21 +39,21 @@ private class HttpSecurityMatchersCall extends MethodCall {
 private class RegistryRequestMatchersCall extends MethodCall {
   RegistryRequestMatchersCall() {
     this.getMethod().hasName("requestMatchers") and
-    this.getMethod().getDeclaringType() instanceof TypeAbstractRequestMatcherRegistry and
-    this.getAnArgument() instanceof ToAnyEndpointCall
+    this.getMethod().getDeclaringType() instanceof SpringAbstractRequestMatcherRegistry and
+    this.getAnArgument() instanceof SpringToAnyEndpointCall
   }
 }
 
 /** A call to an `HttpSecurity` method that authorizes requests. */
 private class AuthorizeCall extends MethodCall {
   AuthorizeCall() {
-    this instanceof AuthorizeRequestsCall or
-    this instanceof AuthorizeHttpRequestsCall
+    this instanceof SpringAuthorizeRequestsCall or
+    this instanceof SpringAuthorizeHttpRequestsCall
   }
 }
 
 /** Holds if `permitAllCall` is called on request(s) mapped to actuator endpoint(s). */
-predicate permitsSpringBootActuators(PermitAllCall permitAllCall) {
+predicate permitsSpringBootActuators(SpringPermitAllCall permitAllCall) {
   exists(AuthorizeCall authorizeCall |
     // .requestMatcher(EndpointRequest).authorizeRequests([...]).[...]
     authorizeCall.getQualifier() instanceof HttpSecurityMatcherCall
@@ -65,7 +65,7 @@ predicate permitsSpringBootActuators(PermitAllCall permitAllCall) {
     // [...].authorizeRequests(r -> r.requestMatchers(EndpointRequest).permitAll())
     authorizeCall.getArgument(0).(LambdaExpr).getExprBody() = permitAllCall and
     (
-      permitAllCall.getQualifier() instanceof AnyRequestCall or
+      permitAllCall.getQualifier() instanceof SpringAnyRequestCall or
       permitAllCall.getQualifier() instanceof RegistryRequestMatchersCall
     )
     or
@@ -77,7 +77,7 @@ predicate permitsSpringBootActuators(PermitAllCall permitAllCall) {
       permitAllCall.getQualifier() = registryRequestMatchersCall
     )
     or
-    exists(AnyRequestCall anyRequestCall |
+    exists(SpringAnyRequestCall anyRequestCall |
       anyRequestCall.getQualifier() = authorizeCall and
       permitAllCall.getQualifier() = anyRequestCall
     )
@@ -104,7 +104,7 @@ predicate permitsSpringBootActuators(PermitAllCall permitAllCall) {
       v.getAnAccess() = authorizeCall.getQualifier() and
       v.getAnAccess() = matcherCall.getQualifier() and
       authorizeCall.getArgument(0).(LambdaExpr).getExprBody() = permitAllCall and
-      permitAllCall.getQualifier() instanceof AnyRequestCall
+      permitAllCall.getQualifier() instanceof SpringAnyRequestCall
     )
   )
 }
@@ -15,6 +15,6 @@ import java
 import semmle.code.java.frameworks.spring.SpringSecurity
 import semmle.code.java.security.SpringBootActuatorsQuery
 
-from PermitAllCall permitAllCall
+from SpringPermitAllCall permitAllCall
 where permitsSpringBootActuators(permitAllCall)
 select permitAllCall, "Unauthenticated access to Spring Boot actuator is allowed."
Original file line number	Diff line number	Diff line change
`@@ -8,17 +8,17 @@ import java`
`8`	`8`	`/**`
`9`	`9`	* The class `org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest`.
`10`	`10`	`*/`
`11`		`-class TypeEndpointRequest extends Class {`
`12`		`- TypeEndpointRequest() {`
	`11`	`+class SpringEndpointRequest extends Class {`
	`12`	`+ SpringEndpointRequest() {`
`13`	`13`	`this.hasQualifiedName("org.springframework.boot.actuate.autoconfigure.security.servlet",`
`14`	`14`	`"EndpointRequest")`
`15`	`15`	`}`
`16`	`16`	`}`
`17`	`17`
`18`	`18`	/** A call to `EndpointRequest.toAnyEndpoint` method. */
`19`		`-class ToAnyEndpointCall extends MethodCall {`
`20`		`- ToAnyEndpointCall() {`
	`19`	`+class SpringToAnyEndpointCall extends MethodCall {`
	`20`	`+ SpringToAnyEndpointCall() {`
`21`	`21`	`this.getMethod().hasName("toAnyEndpoint") and`
`22`		`- this.getMethod().getDeclaringType() instanceof TypeEndpointRequest`
	`22`	`+ this.getMethod().getDeclaringType() instanceof SpringEndpointRequest`
`23`	`23`	`}`
`24`	`24`	`}`
Original file line number	Diff line number	Diff line change
`@@ -11,10 +11,10 @@ private import semmle.code.java.frameworks.spring.SpringBoot`
`11`	`11`	`private class HttpSecurityMatcherCall extends MethodCall {`
`12`	`12`	`HttpSecurityMatcherCall() {`
`13`	`13`	`(`
`14`		`- this instanceof RequestMatcherCall or`
`15`		`- this instanceof SecurityMatcherCall`
	`14`	`+ this instanceof SpringRequestMatcherCall or`
	`15`	`+ this instanceof SpringSecurityMatcherCall`
`16`	`16`	`) and`
`17`		`- this.getArgument(0) instanceof ToAnyEndpointCall`
	`17`	`+ this.getArgument(0) instanceof SpringToAnyEndpointCall`
`18`	`18`	`}`
`19`	`19`	`}`
`20`	`20`
`@@ -25,10 +25,10 @@ private class HttpSecurityMatcherCall extends MethodCall {`
`25`	`25`	`private class HttpSecurityMatchersCall extends MethodCall {`
`26`	`26`	`HttpSecurityMatchersCall() {`
`27`	`27`	`(`
`28`		`- this instanceof RequestMatchersCall or`
`29`		`- this instanceof SecurityMatchersCall`
	`28`	`+ this instanceof SpringRequestMatchersCall or`
	`29`	`+ this instanceof SpringSecurityMatchersCall`
`30`	`30`	`) and`
`31`		`- this.getArgument(0).(LambdaExpr).getExprBody() instanceof ToAnyEndpointCall`
	`31`	`+ this.getArgument(0).(LambdaExpr).getExprBody() instanceof SpringToAnyEndpointCall`
`32`	`32`	`}`
`33`	`33`	`}`
`34`	`34`
`@@ -39,21 +39,21 @@ private class HttpSecurityMatchersCall extends MethodCall {`
`39`	`39`	`private class RegistryRequestMatchersCall extends MethodCall {`
`40`	`40`	`RegistryRequestMatchersCall() {`
`41`	`41`	`this.getMethod().hasName("requestMatchers") and`
`42`		`- this.getMethod().getDeclaringType() instanceof TypeAbstractRequestMatcherRegistry and`
`43`		`- this.getAnArgument() instanceof ToAnyEndpointCall`
	`42`	`+ this.getMethod().getDeclaringType() instanceof SpringAbstractRequestMatcherRegistry and`
	`43`	`+ this.getAnArgument() instanceof SpringToAnyEndpointCall`
`44`	`44`	`}`
`45`	`45`	`}`
`46`	`46`
`47`	`47`	/** A call to an `HttpSecurity` method that authorizes requests. */
`48`	`48`	`private class AuthorizeCall extends MethodCall {`
`49`	`49`	`AuthorizeCall() {`
`50`		`- this instanceof AuthorizeRequestsCall or`
`51`		`- this instanceof AuthorizeHttpRequestsCall`
	`50`	`+ this instanceof SpringAuthorizeRequestsCall or`
	`51`	`+ this instanceof SpringAuthorizeHttpRequestsCall`
`52`	`52`	`}`
`53`	`53`	`}`
`54`	`54`
`55`	`55`	/** Holds if `permitAllCall` is called on request(s) mapped to actuator endpoint(s). */
`56`		`-predicate permitsSpringBootActuators(PermitAllCall permitAllCall) {`
	`56`	`+predicate permitsSpringBootActuators(SpringPermitAllCall permitAllCall) {`
`57`	`57`	`exists(AuthorizeCall authorizeCall \|`
`58`	`58`	`// .requestMatcher(EndpointRequest).authorizeRequests([...]).[...]`
`59`	`59`	`authorizeCall.getQualifier() instanceof HttpSecurityMatcherCall`
`@@ -65,7 +65,7 @@ predicate permitsSpringBootActuators(PermitAllCall permitAllCall) {`
`65`	`65`	`// [...].authorizeRequests(r -> r.requestMatchers(EndpointRequest).permitAll())`
`66`	`66`	`authorizeCall.getArgument(0).(LambdaExpr).getExprBody() = permitAllCall and`
`67`	`67`	`(`
`68`		`- permitAllCall.getQualifier() instanceof AnyRequestCall or`
	`68`	`+ permitAllCall.getQualifier() instanceof SpringAnyRequestCall or`
`69`	`69`	`permitAllCall.getQualifier() instanceof RegistryRequestMatchersCall`
`70`	`70`	`)`
`71`	`71`	`or`
`@@ -77,7 +77,7 @@ predicate permitsSpringBootActuators(PermitAllCall permitAllCall) {`
`77`	`77`	`permitAllCall.getQualifier() = registryRequestMatchersCall`
`78`	`78`	`)`
`79`	`79`	`or`
`80`		`- exists(AnyRequestCall anyRequestCall \|`
	`80`	`+ exists(SpringAnyRequestCall anyRequestCall \|`
`81`	`81`	`anyRequestCall.getQualifier() = authorizeCall and`
`82`	`82`	`permitAllCall.getQualifier() = anyRequestCall`
`83`	`83`	`)`
`@@ -104,7 +104,7 @@ predicate permitsSpringBootActuators(PermitAllCall permitAllCall) {`
`104`	`104`	`v.getAnAccess() = authorizeCall.getQualifier() and`
`105`	`105`	`v.getAnAccess() = matcherCall.getQualifier() and`
`106`	`106`	`authorizeCall.getArgument(0).(LambdaExpr).getExprBody() = permitAllCall and`
`107`		`- permitAllCall.getQualifier() instanceof AnyRequestCall`
	`107`	`+ permitAllCall.getQualifier() instanceof SpringAnyRequestCall`
`108`	`108`	`)`
`109`	`109`	`)`
`110`	`110`	`}`