hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

use $ SPURIOUS: instead of "this test gives a FP"

Browse Source
This commit is contained in:
am0o0
2024-07-30 17:53:23 +02:00
parent 9662950405
commit 591b1b4f07
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/test/experimental/query-tests/security/CWE-522-DecompressionBombs/Zip4jHandler.java
View File

@@ -33,7 +33,7 @@ public class Zip4jHandler {
File extractedFile = new File(localFileHeader.getFileName());
try (OutputStream outputStream = new FileOutputStream(extractedFile)) {
int totallRead = 0;
while ((readLen = zipInputStream.read(readBuffer)) != -1) { // $ hasTaintFlow="zipInputStream" "this test gives a FP"
while ((readLen = zipInputStream.read(readBuffer)) != -1) { // $ SPURIOUS: hasTaintFlow="zipInputStream"
totallRead += readLen;
if (totallRead > 1024 * 1024 * 4) {
System.out.println("potential Bomb");