hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-04 06:36:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: update groovy sink kind to groovy-injection

Browse Source
This commit is contained in:
Jami Cogswell
2023-05-30 12:58:56 -04:00
parent 430010daa3
commit 6431d370c1
5 changed files with 35 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
View File

@@ -275,7 +275,7 @@ module ModelValidation {
not kind =
[
"open-url", "jndi-injection", "ldap", "sql-injection", "jdbc-url", "log-injection",
"mvel", "xpath-injection", "groovy", "xss", "ognl-injection", "intent-start",
"mvel", "xpath-injection", "groovy-injection", "xss", "ognl-injection", "intent-start",
"pending-intent-sent", "url-redirection", "create-file", "read-file", "write-file",
"set-hostname-verifier", "header-splitting", "information-leak", "xslt", "jexl",
"bean-validation", "template-injection", "fragment-injection", "command-injection"

2
java/ql/lib/semmle/code/java/security/GroovyInjection.qll
View File

@@ -21,7 +21,7 @@ class GroovyInjectionAdditionalTaintStep extends Unit {
}
private class DefaultGroovyInjectionSink extends GroovyInjectionSink {
DefaultGroovyInjectionSink() { sinkNode(this, "groovy") }
DefaultGroovyInjectionSink() { sinkNode(this, "groovy-injection") }
}
/** A set of additional taint steps to consider when taint tracking Groovy related data flows. */