hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 21:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Track taint from concatenated string

Browse Source
This commit is contained in:
Benjamin Muskalla
2021-08-18 13:56:16 +02:00
parent d178fe4e5d
commit 7ddf7ff211
3 changed files with 27 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
java/ql/test/library-tests/dataflow/taint/B.java
View File

@@ -46,6 +46,9 @@ public class B {
// tainted - tokenized string
String token = new StringTokenizer(badEscape).nextToken();
sink(token);
// tainted - fluent concatenation
String fluentConcat = "".concat("str").concat(token).concat("bar");
sink(fluentConcat);
// not tainted
String safe = notTainty(complex);