mirror of
https://github.com/github/codeql.git
synced 2026-02-28 04:43:42 +01:00
Java: Don't ignore local taint steps (fixup)
committed by
GitHub
parent
874af7637f
commit
00c253a710
@@ -75,7 +75,8 @@ class ExternalAPIDataNode extends DataFlow::Node {
|
||||
m.getASourceOverriddenMethod() = call.getCallee().getSourceDeclaration() and
|
||||
m.fromSource()
|
||||
) and
|
||||
// Not already modeled as a taint step
|
||||
// Not already modeled as a taint step (we need both of these to handle `AdditionalTaintStep` subclasses as well)
|
||||
not exists(DataFlow::Node next | TaintTracking::localTaintStep(this, next)) and
|
||||
not exists(DataFlow::Node next | TaintTracking::defaultAdditionalTaintStep(this, next)) and
|
||||
// Not a call to a known safe external API
|
||||
not call.getCallee() instanceof SafeExternalAPIMethod
|
||||
|
||||
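Review bot: The expanded comment above the two `not exists` lines says both conditions are needed but not which predicate covers which case, so a later cleanup could drop one of them again; something like `// Skip nodes that already have an outgoing step, either in the local taint relation or via an AdditionalTaintStep subclass` would record that. In both conditions `next` is unconstrained, so any outgoing step from this node removes it from the external-API results. That appears intended, but it narrows what the untrusted-data queries report, and a test with one modeled and one unmodeled callee would pin the behaviour. Since `next` is never used, the don't-care form `not TaintTracking::localTaintStep(this, _) and` reads more directly. The characteristic predicate of ExternalAPIDataNode starts and ends outside the hunk.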