hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Drop the getPath check from the library

Browse Source
This commit is contained in:
luchua-bc
2022-03-28 20:14:40 +00:00
parent 657f615703
commit 833d842113
1 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
java/ql/src/experimental/semmle/code/java/PathSanitizer.qll
View File

@@ -21,13 +21,12 @@ private class ExactStringPathMatchGuard extends PathTraversalBarrierGuard instan
}
/**
* Returns the qualifier of a method call if it's a variable access, or the qualifier of the qualifier if
* the qualifier itself is a method call to `getPath`, which helps to reduce FPs by handling scenarios
* such as `!uri.getPath().contains("..")`.
* Returns the qualifier of a method call if it's a variable access, or the qualifier of the qualifier
* if the qualifier itself is a method call, which helps to reduce FPs by handling scenarios such as
* `!uri.getPath().contains("..")`.
*/
private Expr getRealQualifier(Expr e) {
e.(MethodAccess).getMethod().hasQualifiedName("android.net", "Uri", "getPath") and
result = e.(MethodAccess).getQualifier()
result = getRealQualifier(e.(MethodAccess).getQualifier())
or
result = e.(VarAccess)
}