Removed TaintedSpringRequestBody

Artem Smotrakov
2021-03-04 20:27:39 +01:00
parent c243f2f042
commit 0695b2a1fb
3 changed files with 111 additions and 122 deletions


@@ -10,10 +10,7 @@ import semmle.code.java.dataflow.TaintTracking
class JexlInjectionConfig extends TaintTracking::Configuration {
JexlInjectionConfig() { this = "JexlInjectionConfig" }
override predicate isSource(DataFlow::Node source) {
source instanceof TaintedSpringRequestBody or
source instanceof RemoteFlowSource
}
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof JexlEvaluationSink }
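Review bot: The new one-line `isSource` silently drops the explicit Spring request-body source without saying why that is safe, so a reader comparing old and new will assume Spring-annotated parameters are no longer flagged. Presumably the removal relies on `RemoteFlowSource` already including parameters carrying a `SpringServletInputAnnotation` (the standard library's Spring servlet input source does extend it), but nothing in this hunk or the commit message records that. A one-line comment above the predicate would make the intent auditable, e.g. `// Spring-annotated request parameters are already modelled as RemoteFlowSource, so no separate source is needed.`; the commit description could state the same. The `JexlInjectionConfig` class body continues past this hunk.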
@@ -23,16 +20,6 @@ class JexlInjectionConfig extends TaintTracking::Configuration {
}
}
/**
* A data flow source for parameters that have
* a Spring framework annotation indicating remote user input from servlets.
*/
private class TaintedSpringRequestBody extends DataFlow::Node {
TaintedSpringRequestBody() {
this.asParameter().getAnAnnotation() instanceof SpringServletInputAnnotation
}
}
/**
* A sink for Expresssion Language injection vulnerabilities via Jexl,
* i.e. method calls that run evaluation of a JEXL expression.