Rename semmle.code.java.security.dataflow.CommonSanitizers to semmle.code.java.security.Sanitizers
@@ -3,7 +3,7 @@
|
||||
import java
|
||||
private import semmle.code.java.security.Encryption
|
||||
private import semmle.code.java.dataflow.TaintTracking
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
|
||||
private class ShortStringLiteral extends StringLiteral {
|
||||
ShortStringLiteral() { this.getValue().length() < 100 }
|
||||
|
||||
@@ -12,7 +12,7 @@ private import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.dataflow.ExternalFlow
|
||||
private import semmle.code.java.security.CommandArguments
|
||||
private import semmle.code.java.security.ExternalProcess
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
|
||||
/** A sink for command injection vulnerabilities. */
|
||||
abstract class CommandInjectionSink extends DataFlow::Node { }
|
||||
|
||||
@@ -4,7 +4,7 @@ import java
|
||||
private import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.security.ExternalProcess
|
||||
private import semmle.code.java.security.CommandArguments
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
|
||||
/** A taint-tracking configuration to reason about use of externally controlled strings to make command line commands. */
|
||||
module ExecTaintedLocalConfig implements DataFlow::ConfigSig {
|
||||
|
||||
@@ -4,7 +4,7 @@ import java
|
||||
import semmle.code.java.dataflow.TaintTracking
|
||||
import semmle.code.java.frameworks.Networking
|
||||
import semmle.code.java.security.HttpsUrls
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
|
||||
/**
|
||||
* DEPRECATED: Use `HttpsStringToUrlOpenMethodFlow` instead.
|
||||
|
||||
@@ -5,7 +5,7 @@ import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.frameworks.Jndi
|
||||
import semmle.code.java.frameworks.SpringLdap
|
||||
import semmle.code.java.security.JndiInjection
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
|
||||
/**
|
||||
* DEPRECATED: Use `JndiInjectionFlow` instead.
|
||||
|
||||
@@ -7,7 +7,7 @@ import semmle.code.java.frameworks.UnboundId
|
||||
import semmle.code.java.frameworks.SpringLdap
|
||||
import semmle.code.java.frameworks.ApacheLdap
|
||||
private import semmle.code.java.dataflow.ExternalFlow
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
|
||||
/** A data flow sink for unvalidated user input that is used to construct LDAP queries. */
|
||||
abstract class LdapInjectionSink extends DataFlow::Node { }
|
||||
|
||||
@@ -4,7 +4,7 @@ import java
|
||||
private import semmle.code.java.dataflow.DataFlow
|
||||
private import semmle.code.java.dataflow.ExternalFlow
|
||||
private import semmle.code.java.controlflow.Guards
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
|
||||
/** A data flow sink for unvalidated user input that is used to log messages. */
|
||||
abstract class LogInjectionSink extends DataFlow::Node { }
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
import java
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.security.OgnlInjection
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
|
||||
/**
|
||||
* DEPRECATED: Use `OgnlInjectionFlow` instead.
|
||||
|
||||
@@ -10,7 +10,7 @@ import semmle.code.java.dataflow.DataFlow
|
||||
import semmle.code.java.frameworks.Properties
|
||||
private import semmle.code.java.dataflow.StringPrefixes
|
||||
private import semmle.code.java.dataflow.ExternalFlow
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
|
||||
/**
|
||||
* A unit class for adding additional taint steps that are specific to server-side request forgery (SSRF) attacks.
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
import java
|
||||
private import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
import semmle.code.java.security.ResponseSplitting
|
||||
|
||||
/**
|
||||
|
||||
@@ -5,7 +5,7 @@ private import semmle.code.java.dataflow.ExternalFlow
|
||||
import semmle.code.java.dataflow.TaintTracking
|
||||
import semmle.code.java.security.SensitiveActions
|
||||
import semmle.code.java.frameworks.android.Compose
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
|
||||
/** A variable that may hold sensitive information, judging by its name. */
|
||||
class CredentialExpr extends Expr {
|
||||
|
||||
@@ -4,7 +4,7 @@ import java
|
||||
private import semmle.code.java.dataflow.TaintTracking
|
||||
private import semmle.code.java.security.SqlConcatenatedLib
|
||||
private import semmle.code.java.security.SqlInjectionQuery
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
|
||||
private class UncontrolledStringBuilderSource extends DataFlow::ExprNode {
|
||||
UncontrolledStringBuilderSource() {
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
import semmle.code.java.security.QueryInjection
|
||||
|
||||
/**
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
import java
|
||||
private import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.security.SqlInjectionQuery
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
|
||||
/**
|
||||
* A taint-tracking configuration for reasoning about local user input that is
|
||||
|
||||
@@ -6,7 +6,7 @@ import semmle.code.java.dataflow.DataFlow
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.dataflow.ExternalFlow
|
||||
import semmle.code.java.security.PathSanitizer
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
|
||||
/**
|
||||
* A unit class for adding additional taint steps.
|
||||
|
||||
@@ -4,7 +4,7 @@ import java
|
||||
private import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.dataflow.ExternalFlow
|
||||
private import semmle.code.java.dataflow.TaintTracking
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
|
||||
/**
|
||||
* A source for server-side template injection (SST) vulnerabilities.
|
||||
|
||||
@@ -6,7 +6,7 @@ private import semmle.code.java.controlflow.Guards
|
||||
private import semmle.code.java.dataflow.ExternalFlow
|
||||
private import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.frameworks.owasp.Esapi
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
|
||||
/**
|
||||
* A source of data that crosses a trust boundary.
|
||||
|
||||
@@ -4,7 +4,7 @@ import java
|
||||
private import semmle.code.java.dataflow.TaintTracking
|
||||
private import semmle.code.java.frameworks.android.Android
|
||||
private import semmle.code.java.security.PathSanitizer
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
|
||||
/** A URI that gets resolved by a `ContentResolver`. */
|
||||
abstract class ContentUriResolutionSink extends DataFlow::Node { }
|
||||
|
||||
@@ -5,7 +5,7 @@ import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.dataflow.TaintTracking
|
||||
import semmle.code.java.security.XmlParsers
|
||||
import semmle.code.java.security.XsltInjection
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
|
||||
/**
|
||||
* DEPRECATED: Use `XsltInjectionFlow` instead.
|
||||
|
||||
@@ -5,7 +5,7 @@ import codeql.regex.nfa.SuperlinearBackTracking::Make<TreeView> as SuperlinearBa
|
||||
import semmle.code.java.dataflow.DataFlow
|
||||
import semmle.code.java.regex.RegexFlowConfigs
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
|
||||
/** A sink for polynomial redos queries, where a regex is matched. */
|
||||
class PolynomialRedosSink extends DataFlow::Node {
|
||||
|
||||
@@ -19,7 +19,7 @@ import java
|
||||
import semmle.code.java.dataflow.TaintTracking
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.dataflow.ExternalFlow
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
import Log4jInjectionFlow::PathGraph
|
||||
|
||||
private class ActivateModels extends ActiveExperimentalModels {
|
||||
|
||||
@@ -18,7 +18,7 @@ import semmle.code.java.dataflow.ExternalFlow
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
import JFinalController
|
||||
import semmle.code.java.security.PathSanitizer
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
import InjectFilePathFlow::PathGraph
|
||||
|
||||
private class ActivateModels extends ActiveExperimentalModels {
|
||||
|
||||
@@ -2,7 +2,7 @@ import java
|
||||
import semmle.code.java.frameworks.javaee.ejb.EJBRestrictions
|
||||
import semmle.code.java.dataflow.DataFlow
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
|
||||
module ExecCmdFlowConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) {
|
||||
|
||||
@@ -17,7 +17,7 @@ import MyBatisCommonLib
|
||||
import MyBatisAnnotationSqlInjectionLib
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.dataflow.TaintTracking
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
import MyBatisAnnotationSqlInjectionFlow::PathGraph
|
||||
|
||||
private module MyBatisAnnotationSqlInjectionConfig implements DataFlow::ConfigSig {
|
||||
|
||||
@@ -17,7 +17,7 @@ import MyBatisCommonLib
|
||||
import MyBatisMapperXmlSqlInjectionLib
|
||||
import semmle.code.xml.MyBatisMapperXML
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
import MyBatisMapperXmlSqlInjectionFlow::PathGraph
|
||||
|
||||
private module MyBatisMapperXmlSqlInjectionConfig implements DataFlow::ConfigSig {
|
||||
|
||||
@@ -14,7 +14,7 @@
|
||||
import java
|
||||
import semmle.code.java.dataflow.TaintTracking
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
import semmle.code.java.security.Sanitizers
|
||||
import ClientSuppliedIpUsedInSecurityCheckLib
|
||||
import ClientSuppliedIpUsedInSecurityCheckFlow::PathGraph
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@ private import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.dataflow.StringPrefixes
|
||||
private import semmle.code.java.frameworks.javaee.ejb.EJBRestrictions
|
||||
private import experimental.semmle.code.java.frameworks.SpringResource
|
||||
private import semmle.code.java.security.dataflow.CommonSanitizers
|
||||
private import semmle.code.java.security.Sanitizers
|
||||
|
||||
private class ActiveModels extends ActiveExperimentalModels {
|
||||
ActiveModels() { this = "unsafe-url-forward" }
|
||||
|
||||