hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add experimental variants of java/xxe, incorporating new sinks and a version that uses local sources.

Browse Source 
Originally authored by @haby0, squashed to clean up a tangled commit history.
This commit is contained in:
Chris Smowton
2021-09-10 13:49:31 +01:00
parent db78e3a7da
commit 2d03840fde
15 changed files with 702 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/lib/semmle/code/java/security/XmlParsers.qll
View File

@@ -950,7 +950,11 @@ class TransformerFactoryConfig extends TransformerConfig {
}
}
private class SafeTransformerFactoryFlowConfig extends DataFlow3::Configuration {
/**
* A dataflow configuration that identifies `TransformerFactory` and `SAXTransformerFactory`
* instances that have been safely configured.
*/
class SafeTransformerFactoryFlowConfig extends DataFlow3::Configuration {
SafeTransformerFactoryFlowConfig() { this = "XmlParsers::SafeTransformerFactoryFlowConfig" }
override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeTransformerFactory }