hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 20:25:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

inheritance fix

Browse Source
This commit is contained in:
Nati Pesaresi
2021-09-24 17:14:45 -03:00
parent ba552251e9
commit 1de0b0401a
1 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
ql/src/experimental/CWE-918/SSRF.qll
View File

@@ -152,11 +152,22 @@ module ServerSideRequestForgery {
* the binding function to run some validations for that field. If these binding functions returns
* no error, then we consider these fields safe for SSRF.
*/
class BodySanitizer extends Sanitizer, BodyTagSanitizer { }
class BodySanitizer extends Sanitizer {
BodySanitizer(){
this instanceof BodyTagSanitizer
}
}
/**
* The method Var of package validator is a sanitizer guard only if the check
* of the error binding exists, and the tag to check is one of "alpha", "alphanum", "alphaunicode", "alphanumunicode", "number", "numeric".
*/
class ValidatorAsSanitizer extends SanitizerGuard, ValidatorVarCheck { }
class ValidatorAsSanitizer extends SanitizerGuard {
ValidatorAsSanitizer(){
this instanceof ValidatorVarCheck
}
override predicate checks(Expr e, boolean branch) {
this.checks(e, branch)
}
}
}