Add ExternallyControlledFormatStringLocalQuery.qll

2026-04-23 15:55:18 +02:00 · 2023-04-03 17:05:06 -04:00
parent 5834e4ac52
commit 0249187282
3 changed files with 23 additions and 15 deletions
--- a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql
@@ -11,20 +11,7 @@
 */

 import java
-import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.StringFormat
-
-module ExternallyControlledFormatStringLocalConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
-
-  predicate isSink(DataFlow::Node sink) {
-    sink.asExpr() = any(StringFormat formatCall).getFormatArgument()
-  }
-}
-
-module ExternallyControlledFormatStringLocalFlow =
-  TaintTracking::Global<ExternallyControlledFormatStringLocalConfig>;
-
+import semmle.code.java.security.ExternallyControlledFormatStringLocalQuery
 import ExternallyControlledFormatStringLocalFlow::PathGraph

 from