Merge pull request #3081 from aschackmull/java/urldecoder-step

Java: Add URLDecoder.decode as taint step.
2026-02-28 21:03:50 +01:00 · 2020-03-20 13:53:20 -04:00
parent bcda481d4a 9c9e302a73
commit 16f2957029
1 changed files with 4 additions and 0 deletions
--- a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -473,6 +473,10 @@ private predicate taintPreservingArgumentToMethod(Method method, int arg) {
    method.getName() = "toString" and arg = 0
  )
  or
+  method.getDeclaringType().hasQualifiedName("java.net", "URLDecoder") and
+  method.hasName("decode") and
+  arg = 0
+  or
  // A URI created from a tainted string is still tainted.
  method.getDeclaringType().hasQualifiedName("java.net", "URI") and
  method.hasName("create") and