hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: Explicitly list custom flow steps.

Browse Source
This commit is contained in:
intrigus
2021-04-10 14:53:02 +02:00
parent e4775e0fae
commit 6d09db6fd6
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql
View File

@@ -123,7 +123,12 @@ private predicate isFlag(DataFlow::Node source) {
)
}
/** Holds if there is flow from `node1` to `node2` either due to local flow or due to custom flow steps. */
/**
* Holds if there is flow from `node1` to `node2` either due to local flow or due to custom flow steps:
* 1. `Boolean.parseBoolean(taintedValue)` taints the return value of `parseBoolean`.
* 2. A call to an `EnvReadMethod` such as `System.getProperty` where a tainted value is used as an argument.
* The return value of such a method is then tainted.
*/
private predicate flagFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
DataFlow::localFlowStep(node1, node2)
or