hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix SqlConcatenated

Browse Source
This commit is contained in:
Ed Minnix
2023-03-27 13:06:31 -04:00
parent fcd53a8555
commit 3d033fd727
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql
View File

@@ -48,6 +48,6 @@ where
UncontrolledStringBuilderSourceFlow::flow(DataFlow::exprNode(sbv.getToStringCall()), query)
)
) and
not queryTaintedBy(query, _, _)
not queryIsTaintedBy(query, _, _)
select query, "Query built by concatenation with $@, which may be untrusted.", uncontrolled,
"this expression"