hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-17 21:14:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Diff-informed CommandLineQuery

Browse Source
This commit is contained in:
Jonas Jensen
2024-10-04 19:19:37 +02:00
parent 40529d1e51
commit 2561cec80c
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
java/ql/lib/semmle/code/java/security/CommandLineQuery.qll
View File

@@ -58,6 +58,13 @@ module InputToArgumentToExecFlowConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
any(CommandInjectionAdditionalTaintStep s).step(n1, n2)
}
// It's valid to use diff-informed data flow for this configuration because
// the location of the selected element in the query is contained inside the
// location of the sink. The query, as a predicate, is used negated in
// another query, but that's only to prevent overlapping results between two
// queries.
predicate observeDiffInformedIncrementalMode() { any() }
}
/**