hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Use set literal expression

Browse Source
This commit is contained in:
edvraa
2021-04-22 09:48:46 +03:00
parent 9774b24c4e
commit 86444bfa09
1 changed files with 6 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.ql
View File

@@ -27,35 +27,23 @@ class RegexSink extends DataFlow::ExprNode {
m.getDeclaringType() instanceof TypeString and
(
ma.getArgument(0) = this.asExpr() and
(
m.hasName("matches") or
m.hasName("split") or
m.hasName("replaceFirst") or
m.hasName("replaceAll")
)
m.hasName(["matches", "split", "replaceFirst", "replaceAll"])
)
or
m.getDeclaringType().hasQualifiedName("java.util.regex", "Pattern") and
(
ma.getArgument(0) = this.asExpr() and
(
m.hasName("compile") or
m.hasName("matches")
)
m.hasName(["compile", "matches"])
)
or
m.getDeclaringType().hasQualifiedName("org.apache.commons.lang3", "RegExUtils") and
(
ma.getArgument(1) = this.asExpr() and
m.getParameterType(1).(Class) instanceof TypeString and
(
m.hasName("removeAll") or
m.hasName("removeFirst") or
m.hasName("removePattern") or
m.hasName("replaceAll") or
m.hasName("replaceFirst") or
m.hasName("replacePattern")
)
m.hasName([
"removeAll", "removeFirst", "removePattern", "replaceAll", "replaceFirst",
"replacePattern"
])
)
)
)