hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 20:25:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix conditionControlsMethod predicate

Browse Source 
Exceptions for throw and return statements were missing the appropriate condition
This commit is contained in:
Tony Torralba
2021-09-15 17:51:36 +02:00
parent 4e93330cb9
commit 21079a1315
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/lib/semmle/code/java/security/ConditionalBypassQuery.qll
View File

@@ -17,8 +17,8 @@ predicate conditionControlsMethod(MethodAccess ma, Expr e) {
cb.controls(ma.getBasicBlock(), cond) and
not cb.controls(any(SensitiveExecutionMethod sem).getAReference().getBasicBlock(),
cond.booleanNot()) and
not cb.controls(any(ThrowStmt t).getBasicBlock(), _) and
not cb.controls(any(ReturnStmt r).getBasicBlock(), _) and
not cb.controls(any(ThrowStmt t).getBasicBlock(), cond.booleanNot()) and
not cb.controls(any(ReturnStmt r).getBasicBlock(), cond.booleanNot()) and
e = cb.getCondition()
)
}