hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 11:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Attempt to add MyBatis' sinks and taint steps to SQL and OGNL injection queries

Browse Source
This commit is contained in:
jorgectf
2022-03-09 04:21:26 +01:00
parent e000163614
commit 447636bf1c
2 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
java/ql/lib/semmle/code/java/security/OgnlInjection.qll
View File

@@ -122,3 +122,13 @@ private class DefaultOgnlInjectionAdditionalTaintStep extends OgnlInjectionAddit
setExpressionStep(node1, node2)
}
}
private import semmle.code.java.frameworks.MyBatis::ProviderInjection
private class MyBatisOgnlInjectionSink extends OgnlInjectionSink instanceof MyBatisInjectionSink { }
private class MyBatisAbstractSQLOgnlInjectionStep extends OgnlInjectionAdditionalTaintStep {
override predicate step(DataFlow::Node node1, DataFlow::Node node2) {
any(MyBatisAbstractSQLStep step).step(node1, node2)
}
}

10
java/ql/lib/semmle/code/java/security/QueryInjection.qll
View File

@@ -66,3 +66,13 @@ private class MongoJsonStep extends AdditionalQueryInjectionTaintStep {
)
}
}
private import semmle.code.java.frameworks.MyBatis::ProviderInjection
private class MyBatisSqlInjectionSink extends QueryInjectionSink instanceof MyBatisInjectionSink { }
private class MyBatisAbstractSQLInjectionStep extends AdditionalQueryInjectionTaintStep {
override predicate step(DataFlow::Node node1, DataFlow::Node node2) {
any(MyBatisAbstractSQLStep step).step(node1, node2)
}
}