hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-04 22:56:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: update logging sink kind to log-injection

Browse Source
This commit is contained in:
Jami Cogswell
2023-05-09 12:02:09 -04:00
parent 8c4b394e1a
commit 430010daa3
15 changed files with 851 additions and 851 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
View File

@@ -274,8 +274,8 @@ module ModelValidation {
exists(string kind | sinkModel(_, _, _, _, _, _, _, kind, _) |
not kind =
[
"open-url", "jndi-injection", "ldap", "sql-injection", "jdbc-url", "logging", "mvel",
"xpath-injection", "groovy", "xss", "ognl-injection", "intent-start",
"open-url", "jndi-injection", "ldap", "sql-injection", "jdbc-url", "log-injection",
"mvel", "xpath-injection", "groovy", "xss", "ognl-injection", "intent-start",
"pending-intent-sent", "url-redirection", "create-file", "read-file", "write-file",
"set-hostname-verifier", "header-splitting", "information-leak", "xslt", "jexl",
"bean-validation", "template-injection", "fragment-injection", "command-injection"

2
java/ql/lib/semmle/code/java/security/LogInjection.qll
View File

@@ -27,7 +27,7 @@ class LogInjectionAdditionalTaintStep extends Unit {
}
private class DefaultLogInjectionSink extends LogInjectionSink {
DefaultLogInjectionSink() { sinkNode(this, "logging") }
DefaultLogInjectionSink() { sinkNode(this, "log-injection") }
}
private class DefaultLogInjectionSanitizer extends LogInjectionSanitizer {

4
java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
View File

@@ -35,7 +35,7 @@ deprecated class SensitiveLoggerConfiguration extends TaintTracking::Configurati
override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CredentialExpr }
override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "logging") }
override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "log-injection") }
override predicate isSanitizer(DataFlow::Node sanitizer) {
sanitizer.asExpr() instanceof LiveLiteral or
@@ -52,7 +52,7 @@ deprecated class SensitiveLoggerConfiguration extends TaintTracking::Configurati
module SensitiveLoggerConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CredentialExpr }
predicate isSink(DataFlow::Node sink) { sinkNode(sink, "logging") }
predicate isSink(DataFlow::Node sink) { sinkNode(sink, "log-injection") }
predicate isBarrier(DataFlow::Node sanitizer) {
sanitizer.asExpr() instanceof LiveLiteral or