hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Address review comments.

Browse Source
This commit is contained in:
Geoffrey White
2022-04-29 08:50:11 +01:00
parent 79d1ffc1d9
commit 33d499c12d
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
cpp/ql/src/Security/CWE/CWE-611/XXE.ql
View File

@@ -59,8 +59,8 @@ class XercesDOMParserClass extends Class {
/**
* The `SAXParser` class.
*/
class SAXParser extends Class {
SAXParser() { this.hasName("SAXParser") }
class SAXParserClass extends Class {
SAXParserClass() { this.hasName("SAXParser") }
}
/**
@@ -112,7 +112,7 @@ class DisableDefaultEntityResolutionTranformer extends XXEFlowStateTranformer {
call.getTarget() = f and
(
f.getDeclaringType() instanceof AbstractDOMParserClass or
f.getDeclaringType() instanceof SAXParser
f.getDeclaringType() instanceof SAXParserClass
) and
f.hasName("setDisableDefaultEntityResolution") and
this = call.getQualifier() and
@@ -172,7 +172,7 @@ class CreateEntityReferenceNodesTranformer extends XXEFlowStateTranformer {
class ParseFunction extends Function {
ParseFunction() {
this.getClassAndName("parse") instanceof AbstractDOMParserClass or
this.getClassAndName("parse") instanceof SAXParser
this.getClassAndName("parse") instanceof SAXParserClass
}
}
@@ -213,9 +213,9 @@ class XXEConfiguration extends DataFlow::Configuration {
// source is the write on `this` of a call to the `SAXParser`
// constructor.
exists(CallInstruction call |
call.getStaticCallTarget() = any(SAXParserClass c).getAConstructor() and
node.asInstruction().(WriteSideEffectInstruction).getDestinationAddress() =
call.getThisArgument() and
call.getStaticCallTarget().(Constructor).getDeclaringType() instanceof SAXParser and
encodeXercesFlowState(flowstate, 0, 1) // default configuration
)
}