hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Removed @kind path-problem in comment. Added text message in select.

Browse Source
This commit is contained in:
masterofnow
2023-11-13 08:27:07 +08:00
parent 20592352d0
commit 532f6a5b0c
1 changed files with 1 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/src/experimental/Security/CWE/CWE-470/LoadClassNoSignatureCheck.ql
View File

@@ -4,7 +4,6 @@
* package signature but only rely on package name.
* This makes it susceptible to package namespace squatting
* potentially leading to arbitrary code execution.
* @kind path-problem
* @problem.severity error
* @precision high
* @id java/unsafe-reflection
@@ -59,16 +58,13 @@ from
where
maCreatePackageContext.getCallee().getDeclaringType().getQualifiedName() = "android.content.ContextWrapper" and
maCreatePackageContext.getCallee().getName() = "createPackageContext" and
not isSignaturesChecked(maCreatePackageContext) and
lvdePackageContext.getEnclosingStmt() = maCreatePackageContext.getEnclosingStmt() and
TaintTracking::localTaint(DataFlow::exprNode(lvdePackageContext.getAnAccess()), sinkPackageContext) and
doesPackageContextLeadToInvokeMethod(sinkPackageContext, maInvoke)
select
lvdePackageContext,
sinkPackageContext,
maInvoke,
maCreatePackageContext.getArgument(0)
"Potential arbitary code execution due to class loading without package signature checking."