hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-28 04:43:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: Fix taint-step handling for untrusted-data-external-api

Browse Source 
The previous implementation would not handle any `AdditionalTaintStep`
subclasses.
This commit is contained in:
Rasmus Wriedt Larsen
2020-12-22 11:02:50 +01:00
parent 0c78fb2933
commit 874af7637f
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/semmle/code/java/security/ExternalAPIs.qll
View File

@@ -76,7 +76,7 @@ class ExternalAPIDataNode extends DataFlow::Node {
m.fromSource()
) and
// Not already modeled as a taint step
not exists(DataFlow::Node next | TaintTracking::localTaintStep(this, next)) and
not exists(DataFlow::Node next | TaintTracking::defaultAdditionalTaintStep(this, next)) and
// Not a call to a known safe external API
not call.getCallee() instanceof SafeExternalAPIMethod
}