hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 15:49:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: add sanitizer to command injection query

Browse Source
This commit is contained in:
Kristen Newbury
2023-08-21 12:20:04 -04:00
parent 6d85d0d0f7
commit 5e01e1d464
2 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/lib/semmle/code/java/security/CommandLineQuery.qll
View File

@@ -42,6 +42,8 @@ private class DefaultCommandInjectionSanitizer extends CommandInjectionSanitizer
or
this.getType() instanceof BoxedType
or
this.getType() instanceof NumberType
or
isSafeCommandArgument(this.asExpr())
}
}