From 336eba1be496039ad068c4f680a146ab18f2dd69 Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan <owen-mc@github.com>
Date: Tue, 16 Jun 2020 12:48:43 +0100
Subject: [PATCH] Add Hash.Write and similar as sanitizers

---
 ql/src/Security/CWE-640/EmailInjection.qll | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/ql/src/Security/CWE-640/EmailInjection.qll b/ql/src/Security/CWE-640/EmailInjection.qll
index 4cf8b382c98..726836ed922 100644
--- a/ql/src/Security/CWE-640/EmailInjection.qll
+++ b/ql/src/Security/CWE-640/EmailInjection.qll
@@ -24,6 +24,19 @@ module EmailInjection {
 
     override predicate isSource(DataFlow::Node source) { source instanceof Source }
 
+    override predicate isSanitizerOut(DataFlow::Node node) {
+      exists(DataFlow::CallNode call |
+        call.getTarget().hasQualifiedName("hash.Hash", "Write") and
+        (
+          call.getReceiver().getType().getName() = "Hash" or
+          call.getReceiver().getType().getName() = "Hash32" or
+          call.getReceiver().getType().getName() = "Hash64"
+        )
+      |
+        node = call.getArgument(0)
+      )
+    }
+
     override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
   }
 }