hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

C#: Use TaintTracking2 in cs/inappropriate-encoding

Browse Source
This commit is contained in:
Tom Hvitved
2019-08-19 17:18:49 +02:00
parent 2a2e07d2fc
commit 1e46509a2a
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
csharp/ql/src/Security Features/CWE-838/InappropriateEncoding.ql
View File

@@ -11,7 +11,6 @@
*/
import csharp
import DataFlow
import semmle.code.csharp.frameworks.System
import semmle.code.csharp.frameworks.system.Net
import semmle.code.csharp.frameworks.system.Web
@@ -20,13 +19,15 @@ import semmle.code.csharp.security.dataflow.SqlInjection
import semmle.code.csharp.security.dataflow.XSS
import semmle.code.csharp.security.dataflow.UrlRedirect
import semmle.code.csharp.security.Sanitizers
import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph
import semmle.code.csharp.dataflow.DataFlow2::DataFlow2
import semmle.code.csharp.dataflow.DataFlow2::DataFlow2::PathGraph
import semmle.code.csharp.dataflow.TaintTracking2
/**
* A configuration for specifying expressions that must be
* encoded, along with a set of potential valid encoded values.
*/
abstract class RequiresEncodingConfiguration extends TaintTracking::Configuration {
abstract class RequiresEncodingConfiguration extends TaintTracking2::Configuration {
bindingset[this]
RequiresEncodingConfiguration() { any() }