hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add RemoteFlowSource as a valid source

Browse Source
This commit is contained in:
Ed Minnix
2023-03-06 10:03:07 -05:00
parent 4d51e4fed0
commit 0eaad4136e
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/src/Security/CWE/CWE-094/ArbitraryAPKInstallation.ql
View File

@@ -15,6 +15,7 @@ import semmle.code.java.frameworks.android.Intent
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.TaintTracking2
import semmle.code.java.dataflow.TaintTracking3
import semmle.code.java.dataflow.FlowSources
private import semmle.code.java.dataflow.ExternalFlow
import DataFlow::PathGraph
@@ -85,7 +86,8 @@ class ExternalApkSource extends DataFlow::Node {
ExternalApkSource() {
sourceNode(this, "android-external-storage-dir") or
this.asExpr().(MethodAccess).getMethod() instanceof UriConstructorMethod or
this.asExpr().(StringLiteral).getValue().matches("file://%")
this.asExpr().(StringLiteral).getValue().matches("file://%") or
this instanceof RemoteFlowSource
}
}