hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Moved from experimental

Browse Source
This commit is contained in:
Tony Torralba
2021-05-03 13:15:24 +02:00
parent 38e052482c
commit 4bfd34b1fe
12 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.qhelp → java/ql/src/Security/CWE/CWE-094/JexlInjection.qhelp
View File

7
java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.ql → java/ql/src/Security/CWE/CWE-094/JexlInjection.ql
View File

@@ -13,7 +13,8 @@
import java
import JexlInjectionLib
import DataFlow::PathGraph
import FlowUtils
import semmle.code.java.dataflow.FlowSources
//import FlowUtils
/**
* A taint-tracking configuration for unsafe user input
@@ -28,8 +29,8 @@ class JexlInjectionConfig extends TaintTracking::Configuration {
override predicate isSink(DataFlow::Node sink) { sink instanceof JexlEvaluationSink }
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
any(JexlInjectionAdditionalTaintStep c).step(node1, node2) or
hasGetterFlow(node1, node2)
any(JexlInjectionAdditionalTaintStep c).step(node1, node2) /*or
hasGetterFlow(node1, node2)*/
}
}

0
java/ql/src/experimental/Security/CWE/CWE-094/JexlInjectionLib.qll → java/ql/src/Security/CWE/CWE-094/JexlInjectionLib.qll
View File

1
java/ql/test/experimental/query-tests/security/CWE-094/JexlInjection.qlref
View File

@@ -1 +0,0 @@
experimental/Security/CWE/CWE-094/JexlInjection.ql

2
java/ql/test/experimental/query-tests/security/CWE-094/options
View File

@@ -1,2 +1,2 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.2.3:${testdir}/../../../../stubs/mvel2-2.4.7:${testdir}/../../../../stubs/jsr223-api:${testdir}/../../../../stubs/apache-commons-jexl-2.1.1:${testdir}/../../../../stubs/apache-commons-jexl-3.1:${testdir}/../../../../stubs/scriptengine:${testdir}/../../../../stubs/java-ee-el:${testdir}/../../../../stubs/juel-2.2:${testdir}/../../../stubs/groovy-all-3.0.7:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/apache-commons-logging-1.2
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.2.3:${testdir}/../../../../stubs/mvel2-2.4.7:${testdir}/../../../../stubs/jsr223-api:${testdir}/../../../../stubs/scriptengine:${testdir}/../../../../stubs/java-ee-el:${testdir}/../../../../stubs/juel-2.2:${testdir}/../../../stubs/groovy-all-3.0.7:${testdir}/../../../../stubs/servlet-api-2.4

0
java/ql/test/experimental/query-tests/security/CWE-094/Jexl2Injection.java → java/ql/test/query-tests/security/CWE-094/Jexl2Injection.java
View File

0
java/ql/test/experimental/query-tests/security/CWE-094/Jexl3Injection.java → java/ql/test/query-tests/security/CWE-094/Jexl3Injection.java
View File

0
java/ql/test/experimental/query-tests/security/CWE-094/JexlInjection.expected → java/ql/test/query-tests/security/CWE-094/JexlInjection.expected
View File

1
java/ql/test/query-tests/security/CWE-094/JexlInjection.qlref Normal file
View File

@@ -0,0 +1 @@
Security/CWE/CWE-094/JexlInjection.ql

0
java/ql/test/experimental/query-tests/security/CWE-094/SandboxedJexl2.java → java/ql/test/query-tests/security/CWE-094/SandboxedJexl2.java
View File

0
java/ql/test/experimental/query-tests/security/CWE-094/SandboxedJexl3.java → java/ql/test/query-tests/security/CWE-094/SandboxedJexl3.java
View File

2
java/ql/test/query-tests/security/CWE-094/options
View File

@@ -1 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/validation-api-2.0.1.Final
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/validation-api-2.0.1.Final:${testdir}/../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/apache-commons-jexl-2.1.1:${testdir}/../../../stubs/apache-commons-jexl-3.1:${testdir}/../../../stubs/apache-commons-logging-1.2