hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Modify isAdditionalTaintStep

Browse Source
This commit is contained in:
haby0
2021-06-17 09:12:06 +08:00
parent a71757f0f4
commit 2b77f7d1bc
1 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql
View File

@@ -12,7 +12,6 @@
import java
import JShellInjection
import semmle.code.java.dataflow.DataFlow2
import semmle.code.java.dataflow.FlowSources
import DataFlow::PathGraph
@@ -24,12 +23,12 @@ class JShellInjectionConfiguration extends TaintTracking::Configuration {
override predicate isSink(DataFlow::Node sink) { sink instanceof JShellInjectionSink }
override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(
SourceCodeAnalysisAnalyzeCompletionCall scaacc, CompletionInfoSourceOrRemainingCall cisorc
|
scaacc.getArgument(0) = pred.asExpr() and
cisorc = succ.asExpr() and
DataFlow2::localExprFlow(scaacc, cisorc.getQualifier())
exists(SourceCodeAnalysisAnalyzeCompletionCall scaacc |
scaacc.getArgument(0) = pred.asExpr() and scaacc = succ.asExpr()
)
or
exists(CompletionInfoSourceOrRemainingCall cisorc |
cisorc.getQualifier() = pred.asExpr() and cisorc = succ.asExpr()
)
}
}