hohn/codeql-lab
1
0
Fork 0
mirror of https://github.com/hohn/codeql-lab.git synced 2025-12-16 18:03:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Clean code for TaintFlowDebugging.ql

Browse Source
This commit is contained in:
Kristen Newbury
2025-07-30 11:56:28 -04:00
parent d2595c657f
commit 1b5de3ff9a
1 changed files with 1 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
codeql-sqlite/TaintFlowDebugging.ql
View File

@@ -8,6 +8,7 @@
import java import java
import semmle.code.java.dataflow.FlowSources import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking
class ReadLineSource extends Source { class ReadLineSource extends Source {
ReadLineSource() { this.getMethod().hasQualifiedName("java.io", "Console", "readLine") } ReadLineSource() { this.getMethod().hasQualifiedName("java.io", "Console", "readLine") }
@@ -19,13 +20,6 @@ class Sink extends MethodCall {
Sink() { this.getMethod().hasQualifiedName("java.sql", "Statement", "executeUpdate") } Sink() { this.getMethod().hasQualifiedName("java.sql", "Statement", "executeUpdate") }
} }
// from Sink s
// select s, ""
// from MethodCall mc
// where mc.getMethod().getName() = "readLine"
// select mc, mc.getMethod().getQualifiedName()
import semmle.code.java.dataflow.TaintTracking
module MyFlowConfiguration implements DataFlow::ConfigSig { module MyFlowConfiguration implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { predicate isSource(DataFlow::Node source) {
//exists(Source s | source.asExpr() = s) //exists(Source s | source.asExpr() = s)
@@ -33,7 +27,6 @@ module MyFlowConfiguration implements DataFlow::ConfigSig {
} }
predicate isSink(DataFlow::Node sink) { predicate isSink(DataFlow::Node sink) {
//sink.asExpr() instanceof Sink
exists(Sink sink2 | sink.asExpr() = sink2.getArgument(_)) exists(Sink sink2 | sink.asExpr() = sink2.getArgument(_))
//any() //any()
} }