hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Java: Convert other sinks"

Browse Source 
This reverts commit 87d42b02c0.
This commit is contained in:
Tamas Vajk
2021-04-09 13:13:49 +02:00
parent 87d42b02c0
commit 351f35d9bc
17 changed files with 354 additions and 302 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql
View File

@@ -16,7 +16,6 @@ import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.security.XSS
private import semmle.code.java.dataflow.ExternalFlow
/**
* One of the `printStackTrace()` overloads on `Throwable`.
@@ -38,12 +37,10 @@ class ServletWriterSourceToPrintStackTraceMethodFlowConfig extends TaintTracking
override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ServletWriterSource }
override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "print-stack-trace") }
}
private class PrintStackTraceSinkModel extends SinkModelCsv {
override predicate row(string row) {
row = ["java.lang;Throwable;true;printStackTrace;;;Argument;print-stack-trace"]
override predicate isSink(DataFlow::Node sink) {
exists(MethodAccess ma |
sink.asExpr() = ma.getAnArgument() and ma.getMethod() instanceof PrintStackTraceMethod
)
}
}