Improve envvar injection

2026-05-03 12:45:27 +02:00 · 2024-04-08 17:12:00 +02:00
parent 45a51a9f74
commit 31a1ea9593
10 changed files with 229 additions and 15 deletions
--- a/ql/src/Security/CWE-077/EnvVarInjection.ql
+++ b/ql/src/Security/CWE-077/EnvVarInjection.ql
@@ -29,4 +29,4 @@ where
  )
 select sink.getNode(), source, sink,
  "Potential environment variable injection in $@, which may be controlled by an external user.",
-  sink, sink.getNode().asExpr().(Expression).getRawExpression()
+  sink, sink.getNode().toString()
--- a/ql/src/Security/CWE-077/PrivilegedEnvVarInjection.ql
+++ b/ql/src/Security/CWE-077/PrivilegedEnvVarInjection.ql
@@ -25,4 +25,4 @@ where
  )
 select sink.getNode(), source, sink,
  "Potential privileged environment variable injection in $@, which may be controlled by an external user.",
-  sink, sink.getNode().asExpr().(Expression).getRawExpression()
+  sink, sink.getNode().toString()