hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 06:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Tidy sanitizers, using instanceof not extends or a charpred where possible

Browse Source
This commit is contained in:
Chris Smowton
2021-11-04 16:26:14 +00:00
parent 23855979d5
commit 233269869c
1 changed files with 2 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
ql/src/experimental/CWE-918/SSRF.qll
View File

@@ -152,17 +152,13 @@ module ServerSideRequestForgery {
* the binding function to run some validations for that field. If these binding functions returns
* no error, then we consider these fields safe for SSRF.
*/
class BodySanitizer extends Sanitizer {
BodySanitizer() { this instanceof CheckedAlphanumericStructFieldRead }
}
class BodySanitizer extends Sanitizer instanceof CheckedAlphanumericStructFieldRead { }
/**
* The method Var of package validator is a sanitizer guard only if the check
* of the error binding exists, and the tag to check is one of "alpha", "alphanum", "alphaunicode", "alphanumunicode", "number", "numeric".
*/
class ValidatorAsSanitizer extends SanitizerGuard {
ValidatorAsSanitizer() { this instanceof ValidatorVarCheck }
class ValidatorAsSanitizer extends SanitizerGuard instanceof ValidatorVarCheck {
override predicate checks(Expr e, boolean branch) { this.checks(e, branch) }
}
}