hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: update xslt sink kind to xslt-injection

Browse Source
This commit is contained in:
Jami Cogswell
2023-05-09 12:06:36 -04:00
parent cea97b3f2a
commit 6d2d25406c
4 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/lib/ext/javax.xml.transform.model.yml
View File

@@ -3,4 +3,4 @@ extensions:
pack: codeql/java-all
extensible: sinkModel
data:
- ["javax.xml.transform", "Transformer", False, "transform", "", "", "Argument[this]", "xslt", "manual"]
- ["javax.xml.transform", "Transformer", False, "transform", "", "", "Argument[this]", "xslt-injection", "manual"]

10
java/ql/lib/ext/net.sf.saxon.s9api.model.yml
View File

@@ -3,8 +3,8 @@ extensions:
pack: codeql/java-all
extensible: sinkModel
data:
- ["net.sf.saxon.s9api", "Xslt30Transformer", False, "applyTemplates", "", "", "Argument[this]", "xslt", "manual"]
- ["net.sf.saxon.s9api", "Xslt30Transformer", False, "callFunction", "", "", "Argument[this]", "xslt", "manual"]
- ["net.sf.saxon.s9api", "Xslt30Transformer", False, "callTemplate", "", "", "Argument[this]", "xslt", "manual"]
- ["net.sf.saxon.s9api", "Xslt30Transformer", False, "transform", "", "", "Argument[this]", "xslt", "manual"]
- ["net.sf.saxon.s9api", "XsltTransformer", False, "transform", "", "", "Argument[this]", "xslt", "manual"]
- ["net.sf.saxon.s9api", "Xslt30Transformer", False, "applyTemplates", "", "", "Argument[this]", "xslt-injection", "manual"]
- ["net.sf.saxon.s9api", "Xslt30Transformer", False, "callFunction", "", "", "Argument[this]", "xslt-injection", "manual"]
- ["net.sf.saxon.s9api", "Xslt30Transformer", False, "callTemplate", "", "", "Argument[this]", "xslt-injection", "manual"]
- ["net.sf.saxon.s9api", "Xslt30Transformer", False, "transform", "", "", "Argument[this]", "xslt-injection", "manual"]
- ["net.sf.saxon.s9api", "XsltTransformer", False, "transform", "", "", "Argument[this]", "xslt-injection", "manual"]

6
java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
View File

@@ -277,9 +277,9 @@ module ModelValidation {
"open-url", "jndi-injection", "ldap", "sql-injection", "jdbc-url", "log-injection",
"mvel-injection", "xpath-injection", "groovy-injection", "xss", "ognl-injection",
"intent-start", "pending-intent-sent", "url-redirection", "create-file", "read-file",
"write-file", "set-hostname-verifier", "header-splitting", "information-leak", "xslt",
"jexl-injection", "bean-validation", "template-injection", "fragment-injection",
"command-injection"
"write-file", "set-hostname-verifier", "header-splitting", "information-leak",
"xslt-injection", "jexl-injection", "bean-validation", "template-injection",
"fragment-injection", "command-injection"
] and
not kind.matches("regex-use%") and
not kind.matches("qltest%") and

2
java/ql/lib/semmle/code/java/security/XsltInjection.qll
View File

@@ -12,7 +12,7 @@ abstract class XsltInjectionSink extends DataFlow::Node { }
/** A default sink representing methods susceptible to XSLT Injection attacks. */
private class DefaultXsltInjectionSink extends XsltInjectionSink {
DefaultXsltInjectionSink() { sinkNode(this, "xslt") }
DefaultXsltInjectionSink() { sinkNode(this, "xslt-injection") }
}
/**