hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Eliminate false positives\

Browse Source
This commit is contained in:
haby0
2021-04-30 10:31:40 +08:00
parent e813257431
commit 711a74c9c9
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll
View File

@@ -41,10 +41,12 @@ private class CompareSink extends UseOfLessTrustedSink {
ma.getMethod().getNumberOfParameters() = 1 and
(
ma.getArgument(0) = this.asExpr() and
ma.getQualifier().(CompileTimeConstantExpr).getStringValue() instanceof PrivateHostName
ma.getQualifier().(CompileTimeConstantExpr).getStringValue() instanceof PrivateHostName and
not ma.getQualifier().(CompileTimeConstantExpr).getStringValue() = "0:0:0:0:0:0:0:1"
or
ma.getQualifier() = this.asExpr() and
ma.getArgument(0).(CompileTimeConstantExpr).getStringValue() instanceof PrivateHostName
ma.getArgument(0).(CompileTimeConstantExpr).getStringValue() instanceof PrivateHostName and
not ma.getArgument(0).(CompileTimeConstantExpr).getStringValue() = "0:0:0:0:0:0:0:1"
)
)
or
@@ -79,7 +81,8 @@ private class CompareSink extends UseOfLessTrustedSink {
.hasQualifiedName(["org.apache.commons.lang3", "org.apache.commons.lang"], "StringUtils") and
ma.getMethod().getNumberOfParameters() = 2 and
ma.getAnArgument() = this.asExpr() and
ma.getAnArgument().(CompileTimeConstantExpr).getStringValue() instanceof PrivateHostName
ma.getAnArgument().(CompileTimeConstantExpr).getStringValue() instanceof PrivateHostName and
not ma.getAnArgument().(CompileTimeConstantExpr).getStringValue() = "0:0:0:0:0:0:0:1"
)
}
}