Fix SpringRequestMappingMethod URL Extraction: Use getAStringArrayValue Instead of getValue #19512
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This PR addresses an issue with URL extraction from Spring’s @RequestMapping annotations by switching from getStringValue to getAStringArrayValue, ensuring both single and array-typed values are correctly handled.
- Introduces a new method getArrayValue to extract array-based string values.
- Enhances the accuracy of URL extraction in CodeQL queries for Spring controllers.
Comments suppressed due to low confidence (1)
java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll:162
- The method getArrayValue is declared to return a single string despite extracting an array value. Confirm whether the intended design is to merge multiple values into one string, and consider adjusting the return type for clarity if necessary.
string getArrayValue() { result = requestMappingAnnotation.getAStringArrayValue("value") }
| @@ -156,6 +156,10 @@ class SpringRequestMappingMethod extends SpringControllerMethod { | |||
| /** Gets the "value" @RequestMapping annotation value, if present. */ | |||
| string getValue() { result = requestMappingAnnotation.getStringValue("value") } | |||
|
|
|||
|
|
|||
|
|
|||
| /** Gets the "value" @RequestMapping annotation array string value, if present. */ | |||
There was a problem hiding this comment.
Clarify in the documentation how getArrayValue behaves when multiple URL strings are present in the annotation, e.g., whether they are concatenated or handled in some other way.
Copilot uses AI. Check for mistakes.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Previously, the SpringRequestMappingMethod class in CodeQL used the getValue or getStringValue predicate to extract the "value" attribute from Spring's @RequestMapping and related annotations. However, in Spring, the "value" and "path" attributes are defined as String[] (string arrays), not single strings. This caused issues where URLs could not be extracted if they were specified as arrays.
This PR updates the relevant logic to use getAStringArrayValue, which correctly handles array-typed annotation elements and ensures all specified URLs are extracted, regardless of whether they are provided as single values or arrays. This change improves the accuracy and reliability of Spring controller route extraction in CodeQL queries.
spring-web-5.2.8.RELEASE
org.springframework.web.bind.annotation.RequestMappingor
https://github.com/spring-projects/spring-framework/blob/main/spring-web/src/main/java/org/springframework/web/bind/annotation/RequestMapping.java