hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Extract Ldap injection sanitizers to importable lib

Browse Source 
This includes a new abstract class that represents all the Ldap injection
santizers and can be used to add additional santizers through
extension.
This commit is contained in:
Remco Vermeulen
2020-07-21 14:51:58 +02:00
parent 0d5f9113a3
commit 57e7411c0a
2 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/src/Security/CWE/CWE-090/LdapInjectionLib.qll
View File

@@ -13,9 +13,7 @@ class LdapInjectionFlowConfig extends TaintTracking::Configuration {
override predicate isSink(DataFlow::Node sink) { sink instanceof LdapInjectionSink }
override predicate isSanitizer(DataFlow::Node node) {
node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType
}
override predicate isSanitizer(DataFlow::Node node) { node instanceof LdapInjectionSanitizer }
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
ldapNameStep(node1, node2) or