Moved from experimental

2025-12-20 18:56:32 +01:00 · 2021-05-03 13:15:24 +02:00
parent 38e052482c
commit 4bfd34b1fe
12 changed files with 7 additions and 6 deletions
--- a/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.qhelp
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.qhelp
--- a/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.ql
@@ -13,7 +13,8 @@
 import java
 import JexlInjectionLib
 import DataFlow::PathGraph
-import FlowUtils
+import semmle.code.java.dataflow.FlowSources
+//import FlowUtils

 /**
 * A taint-tracking configuration for unsafe user input
@@ -28,8 +29,8 @@ class JexlInjectionConfig extends TaintTracking::Configuration {
  override predicate isSink(DataFlow::Node sink) { sink instanceof JexlEvaluationSink }

  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    any(JexlInjectionAdditionalTaintStep c).step(node1, node2) or
-    hasGetterFlow(node1, node2)
+    any(JexlInjectionAdditionalTaintStep c).step(node1, node2) /*or
+    hasGetterFlow(node1, node2)*/
  }
 }

--- a/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjectionLib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjectionLib.qll