hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-04 22:56:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Include other map mutations

Browse Source
This commit is contained in:
Ed Minnix
2023-11-15 12:06:14 -05:00
parent 4fc6f710a4
commit 6eff72f99a
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/lib/semmle/code/java/security/TaintedEnvironmentVariableQuery.qll
View File

@@ -13,7 +13,7 @@ private module ProcessBuilderEnvironmentConfig implements DataFlow::ConfigSig {
)
}
predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(MapPutCall mpc).getQualifier() }
predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(MapMutation mm).getQualifier() }
}
private module ProcessBuilderEnvironmentFlow = DataFlow::Global<ProcessBuilderEnvironmentConfig>;
@@ -28,8 +28,8 @@ module ExecTaintedEnvironmentConfig implements DataFlow::ConfigSig {
sinkNode(sink, "environment-injection")
or
// sink is an added to a `ProcessBuilder::environment` map.
exists(MapPutCall mpc | mpc.getAnArgument() = sink.asExpr() |
ProcessBuilderEnvironmentFlow::flowToExpr(mpc.getQualifier())
exists(MapMutation mm | mm.getAnArgument() = sink.asExpr() |
ProcessBuilderEnvironmentFlow::flowToExpr(mm.getQualifier())
)
}
}