Java: add taint-tracking config for execute to exclude FPs from non-update queries like select

Jami Cogswell
2024-12-12 16:19:36 -05:00
parent 97aaf4c011
commit 0f39011122
4 changed files with 84 additions and 16 deletions


@@ -15,9 +15,9 @@
import java
import semmle.code.java.security.CsrfUnprotectedRequestTypeQuery
query predicate edges(PathNode pred, PathNode succ) { CallGraph::edges(pred, succ) }
query predicate edges(CallPathNode pred, CallPathNode succ) { CallGraph::edges(pred, succ) }
from PathNode source, PathNode reachable, PathNode callsReachable
from CallPathNode source, CallPathNode reachable, CallPathNode callsReachable
where unprotectedStateChange(source, reachable, callsReachable)
select source.asMethod(), source, callsReachable,
"Potential CSRF vulnerability due to using an HTTP request type which is not default-protected from CSRF for an apparent $@.",
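Review bot: The `edges` predicate still exposes only `CallGraph::edges`, so the reported path contains call-graph steps alone. If the taint-tracking configuration named in the commit title (not visible in this section) is what decides whether an `execute` call counts as state-changing, that reasoning never appears in the alert a triager reads. A short comment above `edges` would make this explicit, e.g. `// Path covers call-graph edges only; the SQL taint flow used to classify execute() calls is not part of the reported path.` The `select` clause continues past the end of the hunk.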