hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll

Browse Source 
Co-authored-by: Chris Smowton <smowton@github.com>
This commit is contained in:
haby0
2021-04-10 09:26:32 +08:00
committed by GitHub
parent a5ebe8c600
commit 650446f761
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
View File

@@ -39,8 +39,8 @@ class VerificationMethodFlowConfig extends TaintTracking2::Configuration {
override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) {
exists(MethodAccess ma, BarrierGuard bg, int i, VerificationMethodToIfFlowConfig vmtifc |
ma = bg
exists(MethodAccess ma, int i, VerificationMethodToIfFlowConfig vmtifc |
ma instanceof BarrierGuard
|
(
ma.getMethod().getParameter(i).getName().regexpMatch("(?i).*(token|auth|referer|origin).*")