Java: Re-factor most queries and tests to use threat models.

2026-05-05 21:55:19 +02:00 · 2023-10-04 14:01:58 +02:00
parent f0fb065446
commit 40e63a63e2
74 changed files with 105 additions and 91 deletions
--- a/java/ql/lib/semmle/code/java/security/XPathInjectionQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/XPathInjectionQuery.qll
@@ -9,7 +9,7 @@ private import semmle.code.java.security.XPath
 * A taint-tracking configuration for reasoning about XPath injection vulnerabilities.
 */
 module XPathInjectionConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }

  predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink }
 }