hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1679 from aschackmull/java/reader-taint

Browse Source 
Java: Adjust taint steps for Reader::read.
This commit is contained in:
yh-semmle
2019-08-05 12:46:12 -04:00
committed by GitHub
parent f60af2cfba 4ffc41277a
commit 7e90728c67
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
java/ql/src/semmle/code/java/dataflow/TaintTracking.qll
View File

@@ -363,6 +363,10 @@ module TaintTracking {
m.getDeclaringType().hasQualifiedName("java.io", "InputStream") and
m.hasName("read") and
arg = 0
or
m.getDeclaringType().getASupertype*().hasQualifiedName("java.io", "Reader") and
m.hasName("read") and
arg = 0
}
/** Access to a method that passes taint from the qualifier. */
@@ -398,8 +402,12 @@ module TaintTracking {
m.getName().matches("%Value")
)
or
m.getDeclaringType().getQualifiedName().matches("%Reader") and
m.getName().matches("read%")
m.getDeclaringType().getASupertype*().hasQualifiedName("java.io", "Reader") and
(
m.getName() = "read" and m.getNumberOfParameters() = 0
or
m.getName() = "readLine"
)
or
m.getDeclaringType().getQualifiedName().matches("%StringWriter") and
m.getName() = "toString"