hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Decouple GrovyInjection.qll to reuse the taint tracking configuration

Browse Source
This commit is contained in:
Tony Torralba
2021-07-19 12:53:37 +02:00
parent b08f417a1e
commit 441e8afe81
5 changed files with 68 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql
View File

@@ -11,27 +11,9 @@
*/
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.security.GroovyInjection
import semmle.code.java.security.GroovyInjectionQuery
import DataFlow::PathGraph
/**
* A taint-tracking configuration for unsafe user input
* that is used to evaluate a Groovy expression.
*/
class GroovyInjectionConfig extends TaintTracking::Configuration {
GroovyInjectionConfig() { this = "GroovyInjectionConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof GroovyInjectionSink }
override predicate isAdditionalTaintStep(DataFlow::Node fromNode, DataFlow::Node toNode) {
any(GroovyInjectionAdditionalTaintStep c).step(fromNode, toNode)
}
}
from DataFlow::PathNode source, DataFlow::PathNode sink, GroovyInjectionConfig conf
where conf.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "Groovy Injection from $@.", source.getNode(),