hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 00:35:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Deprecate the content of SqlTaintedLocalQuery and remove the local query variant.

Browse Source
This commit is contained in:
Michael Nebel
2024-05-01 10:33:46 +02:00
parent b68abab12a
commit 5b89bd23c7
7 changed files with 11 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/lib/semmle/code/java/security/SqlTaintedLocalQuery.qll
View File

@@ -12,7 +12,7 @@ private import semmle.code.java.security.Sanitizers
* A taint-tracking configuration for reasoning about local user input that is
* used in a SQL query.
*/
module LocalUserInputToQueryInjectionFlowConfig implements DataFlow::ConfigSig {
deprecated module LocalUserInputToQueryInjectionFlowConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput }
predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }
@@ -25,7 +25,9 @@ module LocalUserInputToQueryInjectionFlowConfig implements DataFlow::ConfigSig {
}
/**
* DEPRECATED: Use `QueryInjectionFlow` instead and configure threat model sources to include `local`.
*
* Taint-tracking flow for local user input that is used in a SQL query.
*/
module LocalUserInputToQueryInjectionFlow =
deprecated module LocalUserInputToQueryInjectionFlow =
TaintTracking::Global<LocalUserInputToQueryInjectionFlowConfig>;