hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add apache Base64 taint steps.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2020-03-18 10:54:40 +01:00
parent 93c6f8f1f7
commit 396678fd55
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
View File

@@ -445,6 +445,13 @@ private predicate taintPreservingArgumentToMethod(Method method, int arg) {
method.getName() = "wrap" and arg = 0
)
or
method.getDeclaringType().hasQualifiedName("org.apache.commons.codec.binary", "Base64") and
(
method.getName() = "decodeBase64" and arg = 0
or
method.getName().matches("encodeBase64%") and arg = 0
)
or
method.getDeclaringType().hasQualifiedName("org.apache.commons.io", "IOUtils") and
(
method.getName() = "buffer" and arg = 0