Move RemoteSource and LocalSource to UnsafeDeserialization.qll

edvraa
2021-04-21 13:27:26 +03:00
parent c3deb48efa
commit 3ac5f7bb18
2 changed files with 10 additions and 10 deletions


@@ -13,16 +13,6 @@
import csharp
import semmle.code.csharp.security.dataflow.UnsafeDeserialization::UnsafeDeserialization
import DataFlow::PathGraph
import semmle.code.csharp.security.dataflow.flowsources.Remote
import semmle.code.csharp.security.dataflow.flowsources.Local
class RemoteSource extends Source {
RemoteSource() { this instanceof RemoteFlowSource }
}
class LocalSource extends Source {
LocalSource() { this instanceof LocalFlowSource }
}
from DataFlow::PathNode userInput, DataFlow::PathNode deserializeCallArg
where


@@ -8,6 +8,8 @@ import csharp
module UnsafeDeserialization {
private import semmle.code.csharp.serialization.Deserializers
private import semmle.code.csharp.dataflow.TaintTracking2
private import semmle.code.csharp.security.dataflow.flowsources.Remote
private import semmle.code.csharp.security.dataflow.flowsources.Local
/**
* A data flow source for unsafe deserialization vulnerabilities.
@@ -43,6 +45,14 @@ module UnsafeDeserialization {
*/
abstract class Sanitizer extends DataFlow::Node { }
class RemoteSource extends Source {
RemoteSource() { this instanceof RemoteFlowSource }
}
class LocalSource extends Source {
LocalSource() { this instanceof LocalFlowSource }
}
/**
* User input to object method call deserialization flow tracking.
*/
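Review bot: `RemoteSource` and `LocalSource` are added to `module UnsafeDeserialization` without QLDoc, although the `Source` and `Sanitizer` declarations around them are documented. Because they now live in the shared library rather than in the query file, anything else that builds on `UnsafeDeserialization::Source` presumably also treats local inputs as tainted; no other consumers are visible from this page, so that is worth confirming. I would state the scope on each class, for example `/** A remote flow source, treated as a source for unsafe deserialization. */` and `/** A local flow source, treated as a source for unsafe deserialization (widens the threat model to local input). */`. If some consumers should only see remote sources, keeping `LocalSource` in the query file would preserve the narrower default.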