hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 20:25:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Move QueryInjectionSink into importable library

Browse Source 
This enables defining of new sinks to customise the CWE-089 queries.
This commit is contained in:
Remco Vermeulen
2020-07-08 16:24:06 +02:00
parent c166fee198
commit 06517c6f82
2 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/src/Security/CWE/CWE-089/SqlInjectionLib.qll
View File

@@ -2,15 +2,13 @@
import semmle.code.java.Expr
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.QueryInjection
import semmle.code.java.frameworks.android.SQLite
import semmle.code.java.frameworks.javaee.Persistence
import semmle.code.java.frameworks.SpringJdbc
import semmle.code.java.frameworks.MyBatis
import semmle.code.java.frameworks.Hibernate
/** A sink for database query language injection vulnerabilities. */
abstract class QueryInjectionSink extends DataFlow::ExprNode { }
/** A sink for SQL injection vulnerabilities. */
class SqlInjectionSink extends QueryInjectionSink {
SqlInjectionSink() {

5
java/ql/src/semmle/code/java/security/QueryInjection.qll Normal file
View File

@@ -0,0 +1,5 @@
import java
import semmle.code.java.dataflow.DataFlow
/** A sink for database query language injection vulnerabilities. */
abstract class QueryInjectionSink extends DataFlow::ExprNode { }