hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Move RegexInjectionSink to query config (qll)

Browse Source
This commit is contained in:
jorgectf
2021-03-27 00:26:30 +01:00
parent 53d61c4fb6
commit 18ce257fc8
2 changed files with 13 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
python/ql/src/experimental/semmle/python/Concepts.qll
View File

@@ -76,16 +76,3 @@ class RegexEscape extends DataFlow::Node {
DataFlow::CallCfgNode getEscapeMethod() { result = range.getEscapeMethod() }
}
class RegexInjectionSink extends DataFlow::Node {
Attribute regexMethod;
RegexInjectionSink() {
exists(RegexExecution reExec |
this = reExec.getRegexNode() and
regexMethod = reExec.getRegexMethod().getFunction().asExpr().(Attribute)
)
}
Attribute getRegexMethod() { result = regexMethod }
}

13
python/ql/src/experimental/semmle/python/security/injection/RegexInjection.qll
View File

@@ -9,6 +9,19 @@ import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
import semmle.python.dataflow.new.RemoteFlowSources
class RegexInjectionSink extends DataFlow::Node {
Attribute regexMethod;
RegexInjectionSink() {
exists(RegexExecution reExec |
this = reExec.getRegexNode() and
regexMethod = reExec.getRegexMethod().getFunction().asExpr().(Attribute)
)
}
Attribute getRegexMethod() { result = regexMethod }
}
/**
* A taint-tracking configuration for detecting regular expression injections.
*/