hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Improve csv sink models

Browse Source
This commit is contained in:
Tony Torralba
2021-07-29 15:36:18 +02:00
parent 3edc8bc679
commit 2628d3dc39
1 changed files with 18 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
java/ql/src/semmle/code/java/security/OgnlInjection.qll
View File

@@ -28,21 +28,21 @@ private class DefaultOgnlInjectionSinkModel extends SinkModelCsv {
override predicate row(string row) {
row =
[
"org.apache.commons.ognl;Ognl;false;getValue;;;Argument[-1..0];ognl-injection",
"org.apache.commons.ognl;Ognl;false;setValue;;;Argument[-1..0];ognl-injection",
"org.apache.commons.ognl;Node;false;getValue;;;Argument[-1..0];ognl-injection",
"org.apache.commons.ognl;Node;false;setValue;;;Argument[-1..0];ognl-injection",
"org.apache.commons.ognl;Ognl;false;getValue;;;Argument[0];ognl-injection",
"org.apache.commons.ognl;Ognl;false;setValue;;;Argument[0];ognl-injection",
"org.apache.commons.ognl;Node;true;getValue;;;Argument[-1];ognl-injection",
"org.apache.commons.ognl;Node;true;setValue;;;Argument[-1];ognl-injection",
"org.apache.commons.ognl.enhance;ExpressionAccessor;true;get;;;Argument[-1];ognl-injection",
"org.apache.commons.ognl.enhance;ExpressionAccessor;true;set;;;Argument[-1];ognl-injection",
"ognl;Ognl;false;getValue;;;Argument[-1..0];ognl-injection",
"ognl;Ognl;false;setValue;;;Argument[-1..0];ognl-injection",
"ognl;Node;false;getValue;;;Argument[-1..0];ognl-injection",
"ognl;Node;false;setValue;;;Argument[-1..0];ognl-injection",
"ognl;Ognl;false;getValue;;;Argument[0];ognl-injection",
"ognl;Ognl;false;setValue;;;Argument[0];ognl-injection",
"ognl;Node;false;getValue;;;Argument[-1];ognl-injection",
"ognl;Node;false;setValue;;;Argument[-1];ognl-injection",
"ognl.enhance;ExpressionAccessor;true;get;;;Argument[-1];ognl-injection",
"ognl.enhance;ExpressionAccessor;true;set;;;Argument[-1];ognl-injection",
"com.opensymphony.xwork2.ognl;OgnlUtil;false;getValue;;;Argument[-1..0];ognl-injection",
"com.opensymphony.xwork2.ognl;OgnlUtil;false;setValue;;;Argument[-1..0];ognl-injection",
"com.opensymphony.xwork2.ognl;OgnlUtil;false;callMethod;;;Argument[-1..0];ognl-injection"
"com.opensymphony.xwork2.ognl;OgnlUtil;false;getValue;;;Argument[0];ognl-injection",
"com.opensymphony.xwork2.ognl;OgnlUtil;false;setValue;;;Argument[0];ognl-injection",
"com.opensymphony.xwork2.ognl;OgnlUtil;false;callMethod;;;Argument[0];ognl-injection"
]
}
}
@@ -91,12 +91,12 @@ private predicate parseCompileExpressionStep(DataFlow::Node n1, DataFlow::Node n
*/
private predicate getAccessorStep(DataFlow::Node n1, DataFlow::Node n2) {
exists(MethodAccess ma, Method m |
n1.asExpr() = ma.getQualifier() and
n2.asExpr() = ma and
ma.getMethod() = m and
m.getDeclaringType().getASupertype*() instanceof TypeNode
|
m.getDeclaringType().getASupertype*() instanceof TypeNode and
m.hasName("getAccessor")
|
n1.asExpr() = ma.getQualifier() and
n2.asExpr() = ma
)
}
@@ -106,12 +106,12 @@ private predicate getAccessorStep(DataFlow::Node n1, DataFlow::Node n2) {
*/
private predicate setExpressionStep(DataFlow::Node n1, DataFlow::Node n2) {
exists(MethodAccess ma, Method m |
n1.asExpr() = ma.getArgument(0) and
n2.(PostUpdateNode).getPreUpdateNode().asExpr() = ma.getQualifier() and
ma.getMethod() = m and
m.hasName("setExpression") and
m.getDeclaringType().getASupertype*() instanceof TypeExpressionAccessor
|
m.hasName("setExpression")
n1.asExpr() = ma.getArgument(0) and
n2.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr() = ma.getQualifier()
)
}