hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 10:23:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

Refactor logInjectionGuard part 2

Browse Source
This commit is contained in:
Owen Mansel-Chan
2026-02-14 01:26:46 +00:00
parent 6c0c1d558e
commit 60e58f8219
1 changed files with 16 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
java/ql/lib/semmle/code/java/security/LogInjection.qll
View File

@@ -103,35 +103,26 @@ private predicate logInjectionGuard(Guard g, Expr e, boolean branch) {
branch = false
)
or
exists(MethodCall ma, CompileTimeConstantExpr target |
ma = g and
target = ma.getArgument(0)
exists(RegexMatch rm, CompileTimeConstantExpr target |
rm = g and
target = rm.getRegex() and
e = rm.getString()
|
ma.getMethod().hasName("matches") and
// Allow anything except line breaks
(
ma.getMethod().getDeclaringType() instanceof TypeString and
e = ma.getQualifier()
not target.getStringValue().matches("%[^%]%") and
not target.getStringValue().matches("%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%")
or
ma.getMethod().getDeclaringType().hasQualifiedName("java.util.regex", "Pattern") and
e = ma.getArgument(1)
target.getStringValue().matches("%[^%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%]%")
) and
branch = true
or
// Disallow line breaks
(
// Allow anything except line breaks
(
not target.getStringValue().matches("%[^%]%") and
not target.getStringValue().matches("%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%")
or
target.getStringValue().matches("%[^%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%]%")
) and
branch = true
or
// Disallow line breaks
(
not target.getStringValue().matches("%[^%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%]%") and
// Assuming a regex containing line breaks is correctly matching line breaks in a string
target.getStringValue().matches("%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%")
) and
branch = false
)
not target.getStringValue().matches("%[^%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%]%") and
// Assuming a regex containing line breaks is correctly matching line breaks in a string
target.getStringValue().matches("%" + ["\n", "\r", "\\n", "\\r", "\\R"] + "%")
) and
branch = false
)
}