greedy matching

retanoj
2022-12-08 09:23:24 +08:00
parent 9cfeaeb18e
commit 0edfc6e01e


@@ -135,7 +135,7 @@ predicate isMybatisXmlOrAnnotationSqlInjection(
exists(Annotation annotation |
unsafeExpression
.regexpMatch("\\$\\{\\s*" + annotation.getValue("value").(CompileTimeConstantExpr).getStringValue() +
"\\b[^}]*?\\}") and
"\\b[^}]*\\}") and
annotation.getType() instanceof TypeParam and
ma.getAnArgument() = node.asExpr() and
annotation.getTarget() =
@@ -153,11 +153,11 @@ predicate isMybatisXmlOrAnnotationSqlInjection(
exists(int i |
not ma.getMethod().getParameter(i).getAnAnnotation().getType() instanceof TypeParam and
(
unsafeExpression.regexpMatch("\\$\\{\\s*param" + (i + 1) + "\\b[^}]*?\\}")
unsafeExpression.regexpMatch("\\$\\{\\s*param" + (i + 1) + "\\b[^}]*\\}")
or
unsafeExpression.regexpMatch("\\$\\{\\s*arg" + i + "\\b[^}]*?\\}")
unsafeExpression.regexpMatch("\\$\\{\\s*arg" + i + "\\b[^}]*\\}")
or
unsafeExpression.regexpMatch("\\$\\{\\s*" + ma.getMethod().getParameter(i).getName() + "\\b[^}]*?\\}")
unsafeExpression.regexpMatch("\\$\\{\\s*" + ma.getMethod().getParameter(i).getName() + "\\b[^}]*\\}")
) and
ma.getArgument(i) = node.asExpr()
)
@@ -172,7 +172,7 @@ predicate isMybatisXmlOrAnnotationSqlInjection(
exists(int i, RefType t |
not ma.getMethod().getParameter(i).getAnAnnotation().getType() instanceof TypeParam and
ma.getMethod().getParameterType(i).getName() = t.getName() and
unsafeExpression.regexpMatch("\\$\\{\\s*" + t.getAField().getName() + "\\b[^}]*?\\}") and
unsafeExpression.regexpMatch("\\$\\{\\s*" + t.getAField().getName() + "\\b[^}]*\\}") and
ma.getArgument(i) = node.asExpr()
)
or
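Review bot: The parameter, annotation and field names are concatenated into the pattern unescaped on every `regexpMatch` line this commit touches, in all three hunks. A Java identifier may contain `$`, and a `@Param` value is an arbitrary string, so a name holding a regex metacharacter builds a pattern that presumably never matches, and that `${...}` use would go unreported. Extracting the placeholder name and comparing it by equality avoids this, e.g. `unsafeExpression.regexpCapture("\\$\\{\\s*([^\\s,.\\[}]+)[^}]*\\}", 1) = ma.getMethod().getParameter(i).getName()`; confirm it against the MyBatis placeholder forms the query is meant to cover. `isMybatisXmlOrAnnotationSqlInjection` begins and ends outside the visible hunks.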