hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-11 12:41:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5310 from joefarebrother/guava-io

Browse Source 
Java: Add modelling for Guava IO utilities
This commit is contained in:
Joe Farebrother
2021-03-09 11:19:44 +00:00
committed by GitHub
parent 2a9f7a966c bd4a414abd
commit 7a4ce83169
41 changed files with 1927 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql
View File

@@ -8,6 +8,7 @@
import java
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.ExternalFlow
import DataFlow::PathGraph
class URLConstructor extends ClassInstanceExpr {
@@ -37,6 +38,8 @@ class RemoteURLToOpenStreamFlowConfig extends TaintTracking::Configuration {
exists(MethodAccess m |
sink.asExpr() = m.getQualifier() and m.getMethod() instanceof URLOpenStreamMethod
)
or
sinkNode(sink, "url-open-stream")
}
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {