hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

update sink names

Browse Source
This commit is contained in:
Jami Cogswell
2022-11-01 11:07:28 -04:00
parent 5b089bbb9c
commit 81ad10bab5
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/lib/semmle/code/java/security/RegexInjection.qll
View File

@@ -6,13 +6,13 @@ private import semmle.code.java.frameworks.Regex
private import semmle.code.java.frameworks.apache.Lang
/** A data flow sink for untrusted user input used to construct regular expressions. */
abstract class Sink extends DataFlow::ExprNode { }
abstract class RegexInjectionSink extends DataFlow::ExprNode { }
/** A sanitizer for untrusted user input used to construct regular expressions. */
abstract class RegexInjectionSanitizer extends DataFlow::ExprNode { }
private class RegexInjectionSink extends Sink {
RegexInjectionSink() {
private class DefaultRegexInjectionSink extends RegexInjectionSink {
DefaultRegexInjectionSink() {
exists(MethodAccess ma, Method m | m = ma.getMethod() |
ma.getArgument(0) = this.asExpr() and
(

2
java/ql/lib/semmle/code/java/security/RegexInjectionQuery.qll
View File

@@ -11,7 +11,7 @@ class RegexInjectionConfiguration extends TaintTracking::Configuration {
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
override predicate isSink(DataFlow::Node sink) { sink instanceof RegexInjectionSink }
override predicate isSanitizer(DataFlow::Node node) { node instanceof RegexInjectionSanitizer }
}