Java: Re-factor most queries and tests to use threat models.

2026-05-05 21:55:19 +02:00 · 2023-10-04 14:01:58 +02:00
parent f0fb065446
commit 40e63a63e2
74 changed files with 105 additions and 91 deletions
--- a/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll
@@ -28,7 +28,7 @@ deprecated class FragmentInjectionTaintConf extends TaintTracking::Configuration
 * that is used to create Android fragments dynamically.
 */
 module FragmentInjectionTaintConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }

  predicate isSink(DataFlow::Node sink) { sink instanceof FragmentInjectionSink }