hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 12:15:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add RequestForgerySanitizer

Browse Source
This commit is contained in:
Tony Torralba
2021-06-17 14:58:27 +02:00
parent 0c71393171
commit 3ec2c1308e
3 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
java/ql/test/query-tests/security/CWE-749/UnsafeAndroidAccessTest.ql
View File

@@ -1,8 +1,9 @@
import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.FlowSources
import TestUtilities.InlineExpectationsTest
import semmle.code.java.security.RequestForgeryConfig
import semmle.code.java.security.UnsafeAndroidAccess
import TestUtilities.InlineExpectationsTest
class Conf extends TaintTracking::Configuration {
Conf() { this = "qltest:cwe:unsafe-android-access" }
@@ -10,6 +11,10 @@ class Conf extends TaintTracking::Configuration {
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof UrlResourceSink }
override predicate isSanitizer(DataFlow::Node sanitizer) {
sanitizer instanceof RequestForgerySanitizer
}
}
class UnsafeAndroidAccessTest extends InlineExpectationsTest {