Simplified JexlInjectionLib.qll and removed LocalUserInput

Artem Smotrakov
2021-03-02 21:22:46 +01:00
parent 34b6ed0a05
commit 6b66323ac3


@@ -12,8 +12,7 @@ class JexlInjectionConfig extends TaintTracking::Configuration {
override predicate isSource(DataFlow::Node source) {
source instanceof TaintedSpringRequestBody or
source instanceof RemoteFlowSource or
source instanceof LocalUserInput
source instanceof RemoteFlowSource
}
override predicate isSink(DataFlow::Node sink) { sink instanceof JexlEvaluationSink }
@@ -30,7 +29,7 @@ class JexlInjectionConfig extends TaintTracking::Configuration {
*/
private class TaintedSpringRequestBody extends DataFlow::Node {
TaintedSpringRequestBody() {
exists(SpringServletInputAnnotation a | this.asParameter().getAnAnnotation() = a)
this.asParameter().getAnAnnotation() instanceof SpringServletInputAnnotation
}
}
@@ -137,7 +136,7 @@ private class SandboxedJexlSource extends DataFlow::ExprNode {
m.getDeclaringType() instanceof JexlBuilder and
m.hasName(["uberspect", "sandbox"]) and
m.getReturnType() instanceof JexlBuilder and
(ma = this.asExpr() or ma.getQualifier() = this.asExpr())
this.asExpr() = [ma, ma.getQualifier()]
)
or
exists(ConstructorCall cc |
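Review bot: Dropping `LocalUserInput` from `isSource` in the first hunk narrows the query to remote input only, and nothing in the visible code records that this is a deliberate scope decision. Expressions built from local input, such as command-line arguments or environment variables, reaching a `JexlEvaluationSink` will no longer be reported, so a user who assumes local input is covered would read a clean result as stronger than it is. I would put a QLDoc comment above the predicate, for example `/** Remote user input only; local input is deliberately out of scope for this query. */`, and repeat that in the query help if there is one. Separately, it may be worth checking whether `RemoteFlowSource` already models parameters carrying a `SpringServletInputAnnotation`, in which case `TaintedSpringRequestBody` in the second hunk would be redundant. The enclosing class bodies begin and end outside the hunks shown.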