Java: update jexl sink kind to jexl-injection

Jami Cogswell
2023-05-09 12:04:39 -04:00
parent 6431d370c1
commit 6cee0c4c75
4 changed files with 32 additions and 32 deletions


@@ -277,7 +277,7 @@ module ModelValidation {
"open-url", "jndi-injection", "ldap", "sql-injection", "jdbc-url", "log-injection",
"mvel", "xpath-injection", "groovy-injection", "xss", "ognl-injection", "intent-start",
"pending-intent-sent", "url-redirection", "create-file", "read-file", "write-file",
"set-hostname-verifier", "header-splitting", "information-leak", "xslt", "jexl",
"set-hostname-verifier", "header-splitting", "information-leak", "xslt", "jexl-injection",
"bean-validation", "template-injection", "fragment-injection", "command-injection"
] and
not kind.matches("regex-use%") and
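Review bot: Model rows that still declare the old kind `"jexl"` have no migration path after this change: the kind is dropped from the accepted list here, and `sinkNode(this, "jexl-injection")` in the DefaultJexlEvaluationSink hunk no longer matches it. Rows in custom or third-party model packs that were not updated alongside this commit would presumably stop contributing JEXL evaluation sinks, so the injection query loses coverage without any signal in its results. If the message built from this list is a generic "invalid kind" report, consider a dedicated hint for the rename, documented with a comment such as `// "jexl" was renamed to "jexl-injection"; rows using the old kind are reported as outdated`. The enclosing predicate starts and ends outside the hunk, so whether such a hint already exists cannot be seen from here.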


@@ -13,7 +13,7 @@ abstract class JexlEvaluationSink extends DataFlow::ExprNode { }
/** Default sink for JXEL injection vulnerabilities. */
private class DefaultJexlEvaluationSink extends JexlEvaluationSink {
DefaultJexlEvaluationSink() { sinkNode(this, "jexl") }
DefaultJexlEvaluationSink() { sinkNode(this, "jexl-injection") }
}
/**
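Review bot: The doc comment directly above the changed constructor spells the library name as `JXEL`; while this class is being touched it should read `/** Default sink for JEXL injection vulnerabilities. */`. It would also help to say in that comment that the sink is populated from model rows of kind `jexl-injection`, so anyone adding models knows which kind string feeds this class. The hunk ends at the opening of the next doc comment, whose body is outside the hunk.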