hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Apply suggestions from code review

Browse Source 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
This commit is contained in:
Tony Torralba
2021-07-20 14:47:16 +02:00
committed by GitHub
parent 70081b6a1e
commit 68df8028d2
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/src/semmle/code/java/security/MvelInjection.qll
View File

@@ -1,8 +1,8 @@
/** Provides classes to reason about MVEL injection attacks. */
import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.ExternalFlow
private import semmle.code.java.dataflow.DataFlow
private import semmle.code.java.dataflow.ExternalFlow
/** A data flow sink for unvalidated user input that is used to construct MVEL expressions. */
abstract class MvelEvaluationSink extends DataFlow::Node { }
@@ -184,7 +184,7 @@ private predicate templateCompileStep(DataFlow::Node node1, DataFlow::Node node2
private class MvelScriptEngineCompilationMethod extends Method {
MvelScriptEngineCompilationMethod() {
getDeclaringType() instanceof MvelScriptEngine and
(hasName("compile") or hasName("compiledScript"))
hasName(["compile", "compiledScript"])
}
}