hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 16:25:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Refactor PartialPathTraversal

Browse Source
This commit is contained in:
Ed Minnix
2023-03-21 18:01:57 -04:00
parent f8e26f1571
commit 469ac80d40
3 changed files with 37 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql
View File

@@ -11,10 +11,12 @@
*/
import semmle.code.java.security.PartialPathTraversalQuery
import DataFlow::PathGraph
import PartialPathTraversalFromRemoteFlow::PathGraph
from DataFlow::PathNode source, DataFlow::PathNode sink
where any(PartialPathTraversalFromRemoteConfig config).hasFlowPath(source, sink)
from
PartialPathTraversalFromRemoteFlow::PathNode source,
PartialPathTraversalFromRemoteFlow::PathNode sink
where PartialPathTraversalFromRemoteFlow::flowPath(source, sink)
select sink.getNode(), source, sink,
"Partial Path Traversal Vulnerability due to insufficient guard against path traversal from $@.",
source, "user-supplied data"