hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-22 07:15:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

use more specefic Classes instead of Call

Browse Source
This commit is contained in:
am0o0
2024-07-30 18:07:03 +02:00
parent 591b1b4f07
commit 40eef25133
1 changed files with 5 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
java/ql/src/experimental/semmle/code/java/security/DecompressionBomb.qll
View File

@@ -56,8 +56,7 @@ module XerialSnappy {
*/
private class InputStreamAdditionalTaintStep extends DecompressionBomb::AdditionalStep {
override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
exists(Call call |
// Constructors
exists(ConstructorCall call |
call.getCallee().getDeclaringType() instanceof TypeInputStream and
call.getArgument(0) = n1.asExpr() and
call = n2.asExpr()
@@ -153,8 +152,7 @@ module ApacheCommons {
private class CompressorsAndArchiversAdditionalTaintStep extends DecompressionBomb::AdditionalStep
{
override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
exists(Call call |
// Constructors
exists(ConstructorCall call |
call.getCallee().getDeclaringType() instanceof TypeCompressors and
call.getArgument(0) = n1.asExpr() and
call = n2.asExpr()
@@ -207,8 +205,7 @@ module ApacheCommons {
private class CompressorsAndArchiversAdditionalTaintStep extends DecompressionBomb::AdditionalStep
{
override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
exists(Call call |
// Constructors
exists(ConstructorCall call |
call.getCallee().getDeclaringType() instanceof TypeArchivers and
call.getArgument(0) = n1.asExpr() and
call = n2.asExpr()
@@ -247,8 +244,7 @@ module ApacheCommons {
private class CompressorsAndArchiversAdditionalTaintStep extends DecompressionBomb::AdditionalStep
{
override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
exists(Call call |
// Constructors
exists(MethodCall call |
(
call.getCallee().getDeclaringType() instanceof TypeCompressors
or
@@ -309,8 +305,7 @@ module Zip4j {
private class CompressorsAndArchiversAdditionalTaintStep extends DecompressionBomb::AdditionalStep
{
override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
exists(Call call |
// Constructors
exists(ConstructorCall call |
call.getCallee().getDeclaringType() instanceof TypeZipInputStream and
call.getArgument(0) = n1.asExpr() and
call = n2.asExpr()