hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 05:05:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Clean up.

Browse Source
This commit is contained in:
Geoffrey White
2022-05-16 12:49:01 +01:00
parent b332659fcb
commit 19d1578733
1 changed files with 23 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
cpp/ql/src/Security/CWE/CWE-611/Xerces.qll
View File

@@ -99,19 +99,6 @@ class CreateXmlReader extends Function {
}
}
/**
* The `AbstractDOMParser.parse`, `DOMLSParserClass.parse`, `SAXParser.parse`
* or `SAX2XMLReader.parse` method.
*/
class ParseFunction extends Function {
ParseFunction() {
this.getClassAndName("parse") instanceof AbstractDOMParserClass or
this.getClassAndName("parse") instanceof DomLSParserClass or
this.getClassAndName("parse") instanceof SaxParserClass or
this.getClassAndName("parse") instanceof Sax2XmlReader
}
}
/**
* The `XercesDOMParser` interface for the Xerces XML library.
*/
@@ -130,9 +117,9 @@ class XercesDomParserLibrary extends XmlLibrary {
}
override predicate configurationSink(DataFlow::Node node, string flowstate) {
// sink is the read of the qualifier of a call to `parse`.
// sink is the read of the qualifier of a call to `AbstractDOMParser.parse`.
exists(Call call |
call.getTarget() instanceof ParseFunction and
call.getTarget().getClassAndName("parse") instanceof AbstractDOMParserClass and
call.getQualifier() = node.asConvertedExpr()
) and
flowstate instanceof XercesFlowState and
@@ -156,7 +143,13 @@ class CreateLSParserLibrary extends XmlLibrary {
}
override predicate configurationSink(DataFlow::Node node, string flowstate) {
none() // uses the existing sinks from `XercesDomParserLibrary`
// sink is the read of the qualifier of a call to `DOMLSParserClass.parse`.
exists(Call call |
call.getTarget().getClassAndName("parse") instanceof DomLSParserClass and
call.getQualifier() = node.asConvertedExpr()
) and
flowstate instanceof XercesFlowState and
not encodeXercesFlowState(flowstate, 1, 1) // safe configuration
}
}
@@ -178,7 +171,13 @@ class SaxParserLibrary extends XmlLibrary {
}
override predicate configurationSink(DataFlow::Node node, string flowstate) {
none() // uses the existing sinks from `XercesDomParserLibrary`
// sink is the read of the qualifier of a call to `SAXParser.parse`.
exists(Call call |
call.getTarget().getClassAndName("parse") instanceof SaxParserClass and
call.getQualifier() = node.asConvertedExpr()
) and
flowstate instanceof XercesFlowState and
not encodeXercesFlowState(flowstate, 1, 1) // safe configuration
}
}
@@ -198,7 +197,13 @@ class Sax2XmlReaderLibrary extends XmlLibrary {
}
override predicate configurationSink(DataFlow::Node node, string flowstate) {
none() // uses the existing sinks from `XercesDomParserLibrary`
// sink is the read of the qualifier of a call to `SAX2XMLReader.parse`.
exists(Call call |
call.getTarget().getClassAndName("parse") instanceof Sax2XmlReader and
call.getQualifier() = node.asConvertedExpr()
) and
flowstate instanceof XercesFlowState and
not encodeXercesFlowState(flowstate, 1, 1) // safe configuration
}
}