hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 04:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Improve API and representation of taint tracking nodes. Update queries and tests accordingly.

Browse Source
This commit is contained in:
Mark Shannon
2018-11-23 12:18:56 +00:00
parent c01db23f58
commit 61bd8682df
20 changed files with 190 additions and 152 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
python/ql/src/Security/CWE-601/UrlRedirect.ql
View File

@@ -28,8 +28,7 @@ class UntrustedPrefixStringKind extends UntrustedStringKind {
}
from TaintedNode srcnode, TaintedNode sinknode, TaintSource src, TaintSink sink
where src.flowsToSink(sink) and srcnode.getNode() = src and sinknode.getNode() = sink
select sink, srcnode, sinknode, "Untrusted URL redirection due to $@.", src, "a user-provided value"
from TaintedPathSource src, TaintedPathSink sink
where src.flowsTo(sink)
select sink.getSink(), src, sink, "Untrusted URL redirection due to $@.", src.getSource(), "a user-provided value"