Java: Re-factor most queries and tests to use threat models.

Michael Nebel
2023-10-04 14:01:58 +02:00
parent f0fb065446
commit 40e63a63e2
74 changed files with 105 additions and 91 deletions


@@ -37,7 +37,7 @@ deprecated class RequestForgeryConfiguration extends TaintTracking::Configuratio
*/
module RequestForgeryConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
source instanceof RemoteFlowSource and
source instanceof ThreatModelFlowSource and
// Exclude results of remote HTTP requests: fetching something else based on that result
// is no worse than following a redirect returned by the remote server, and typically
// we're requesting a resource via https which we trust to only send us to safe URLs.
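Review bot: The comment under the new `source instanceof ThreatModelFlowSource` line still justifies the exclusion purely in terms of remote HTTP responses, and nothing in `RequestForgeryConfig`'s documentation says that the source set now depends on which threat models the analysis enables. If only the remote model is active by default, results should be unchanged, but anyone who turns on further models will also get request-forgery alerts from those sources, so triage needs to know where the source definition comes from. I would add a line above the instanceof check such as `// Sources follow the active threat model configuration; with only the remote model enabled this matches the previous RemoteFlowSource behaviour.` and confirm that the tests cover at least one non-default model. The body of `isSource` continues past the end of this hunk, so the exclusion clause itself is not visible here. The hunk also does not show whether the deprecated `RequestForgeryConfiguration` named in its header was switched as well.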