hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Track taint through java.io.File constructor and #toURI; URI#toURL

Browse Source
This commit is contained in:
Daniel Beck
2020-10-10 20:29:01 +02:00
parent c8cacb9fee
commit 0c70be145f
3 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
java/ql/test/library-tests/dataflow/taint/B.java
View File

@@ -129,6 +129,9 @@ public class B {
String[][][] taintedArray3 = new String[][][] { { { s } } };
sink(taintedArray3);
// Tainted file path and URI
sink(new java.io.File(s).toURI().toURL());
return;
}