hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-28 04:43:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: Don't ignore local taint steps (fixup)

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2021-01-08 15:29:01 +01:00
committed by GitHub
parent 874af7637f
commit 00c253a710
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
java/ql/src/semmle/code/java/security/ExternalAPIs.qll
View File

@@ -75,7 +75,8 @@ class ExternalAPIDataNode extends DataFlow::Node {
m.getASourceOverriddenMethod() = call.getCallee().getSourceDeclaration() and
m.fromSource()
) and
// Not already modeled as a taint step
// Not already modeled as a taint step (we need both of these to handle `AdditionalTaintStep` subclasses as well)
not exists(DataFlow::Node next | TaintTracking::localTaintStep(this, next)) and
not exists(DataFlow::Node next | TaintTracking::defaultAdditionalTaintStep(this, next)) and
// Not a call to a known safe external API
not call.getCallee() instanceof SafeExternalAPIMethod