hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 20:25:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Remove the isAdditionalTaintStep predicate

Browse Source
This commit is contained in:
luchua-bc
2021-05-14 11:43:49 +00:00
parent e7cd6c9972
commit 1497fba6f2
1 changed files with 0 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql
View File

@@ -102,16 +102,6 @@ class CodeInjectionConfiguration extends TaintTracking::Configuration {
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof CodeInjectionSink }
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
// @RequestBody MyQueryObj query; interpreter.exec(query.getInterpreterCode());
exists(MethodAccess ma |
ma.getMethod().getDeclaringType().getASubtype*() instanceof SpringUntrustedDataType and
not ma.getMethod().getDeclaringType() instanceof TypeObject and
ma.getQualifier() = node1.asExpr() and
ma = node2.asExpr()
)
}
}
from DataFlow::PathNode source, DataFlow::PathNode sink, CodeInjectionConfiguration conf