hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Refactor DatabaseInput to MaD

Browse Source
This commit is contained in:
Edward Minnix III
2023-09-02 13:30:48 -04:00
committed by Ed Minnix
parent 655470f3da
commit 3a75c0fde7
2 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/lib/ext/java.sql.model.yml
View File

@@ -45,3 +45,8 @@ extensions:
- ["java.sql", "ResultSet", "getTimestamp", "(String)", "summary", "manual"] # taint-numeric
- ["java.sql", "Timestamp", "Timestamp", "(long)", "summary", "manual"] # taint-numeric
- ["java.sql", "Timestamp", "getTime", "()", "summary", "manual"] # taint-numeric
- addsTo:
pack: codeql/java-all
extensible: sourceModel
data:
- ["java.sql", "ResultSet", True, "getString", "", "", "ReturnValue", "database", "manual"]

2
java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
View File

@@ -286,7 +286,7 @@ deprecated class DatabaseInput = DbInput;
* A node with input from a database.
*/
private class DbInput extends LocalUserInput {
DbInput() { this.asExpr().(MethodAccess).getMethod() instanceof ResultSetGetStringMethod }
DbInput() { sourceNode(this, "database") }
override string getThreatModel() { result = "database" }
}