Small update to SafeExternalApiMethodCharacteristic

tiferet
2023-01-03 15:37:23 -08:00
parent fd75952c1e
commit 3987d8d374


@@ -320,8 +320,9 @@ private class IsSanitizerCharacteristic extends NotASinkCharacteristic {
}
/**
* An EndpointFilterCharacteristic that indicates that an endpoint is a sanitizer for some sink type. A sanitizer can
* never be a sink.
* An EndpointFilterCharacteristic that indicates that an endpoint is an argument to a safe external API method.
*
* Based on java/ql/lib/semmle/code/java/security/ExternalAPIs.qll.
*
* TODO: Is this correct?
*/
@@ -330,7 +331,7 @@ private class SafeExternalApiMethodCharacteristic extends NotASinkCharacteristic
override predicate appliesToEndpoint(DataFlow::Node n) {
exists(Expr::Call call |
n.asExpr() = call.getArgument(_) and
n.asExpr() = call.getAnArgument() and
call.getCallee() instanceof ExternalAPIs::SafeExternalApiMethod
)
}
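Review bot: The doc comment on SafeExternalApiMethodCharacteristic still ends with `TODO: Is this correct?`, so nothing states why an argument to a safe external API method may be excluded as a sink, even though the class extends NotASinkCharacteristic. If the SafeExternalApiMethod set in ExternalAPIs.qll was curated for a narrower purpose than "never a sink for any sink type", this filter would presumably drop true sink candidates and cause silent false negatives; that cannot be confirmed from the lines shown. I would replace the TODO with the assumption spelled out, e.g. `* Assumes no argument of a SafeExternalApiMethod call is a sink for any sink type; re-check when that list changes.`, and reference a tracking issue if the question stays open. The class body starts before and continues after the second hunk, so its constructor and any other members are not visible here.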