Merge pull request #2725 from aschackmull/java/sqlinjection-number-barrier

Java: Add java.lang.Number as a sanitizer for SQL injection.
2025-12-22 03:36:30 +01:00 · 2020-01-30 18:25:24 -05:00
parent b542b08c95 2a0a568cbb
commit 7ca7bdfc46
3 changed files with 13 additions and 5 deletions
--- a/java/ql/src/Security/CWE/CWE-089/SqlInjectionLib.qll
+++ b/java/ql/src/Security/CWE/CWE-089/SqlInjectionLib.qll
@@ -54,7 +54,9 @@ private class QueryInjectionFlowConfig extends TaintTracking::Configuration {
  override predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }

  override predicate isSanitizer(DataFlow::Node node) {
-    node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType
+    node.getType() instanceof PrimitiveType or
+    node.getType() instanceof BoxedType or
+    node.getType() instanceof NumberType
  }
 }