hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 05:13:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3214 from aibaars/base64

Browse Source 
Java: Add org.apache.commons.codec.(De|En)coder to TaintTrackingUtil
This commit is contained in:
Anders Schack-Mulligen
2020-05-06 09:21:18 +02:00
committed by GitHub
parent 63f04afa8d 31e284a707
commit 3b3ca6d41e
14 changed files with 667 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
View File

@@ -434,7 +434,15 @@ private predicate taintPreservingArgumentToMethod(Method method, int arg) {
or
(
method.getDeclaringType().hasQualifiedName("java.util", "Base64$Encoder") or
method.getDeclaringType().hasQualifiedName("java.util", "Base64$Decoder")
method.getDeclaringType().hasQualifiedName("java.util", "Base64$Decoder") or
method
.getDeclaringType()
.getASupertype*()
.hasQualifiedName("org.apache.commons.codec", "Encoder") or
method
.getDeclaringType()
.getASupertype*()
.hasQualifiedName("org.apache.commons.codec", "Decoder")
) and
(
method.getName() = "encode" and arg = 0 and method.getNumberOfParameters() = 1