hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8676 from pwntester/java_hotspots_mods

Browse Source 
Make security-related TaintTracking Configuration public
This commit is contained in:
Anders Schack-Mulligen
2022-04-06 14:40:14 +02:00
committed by GitHub
parent 943af17d10 9ccd0e564b
commit 879b8a1200
5 changed files with 18 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/lib/semmle/code/java/security/CommandLineQuery.qll
View File

@@ -11,7 +11,10 @@ import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.ExternalProcess
import semmle.code.java.security.CommandArguments
private class RemoteUserInputToArgumentToExecFlowConfig extends TaintTracking::Configuration {
/**
* A taint-tracking configuration for unvalidated user input that is used to run an external process.
*/
class RemoteUserInputToArgumentToExecFlowConfig extends TaintTracking::Configuration {
RemoteUserInputToArgumentToExecFlowConfig() {
this = "ExecCommon::RemoteUserInputToArgumentToExecFlowConfig"
}

13
java/ql/src/Security/CWE/CWE-089/SqlInjectionLib.qll → java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll
View File

@@ -1,10 +1,19 @@
/** Definitions used by the queries for database query injection. */
/**
* Provides taint tracking and dataflow configurations to be used in Sql injection queries.
*
* Do not import this from a library file, in order to reduce the risk of
* unintentionally bringing a TaintTracking::Configuration into scope in an unrelated
* query.
*/
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.QueryInjection
private class QueryInjectionFlowConfig extends TaintTracking::Configuration {
/**
* A taint-tracking configuration for unvalidated user input that is used in SQL queries.
*/
class QueryInjectionFlowConfig extends TaintTracking::Configuration {
QueryInjectionFlowConfig() { this = "SqlInjectionLib::QueryInjectionFlowConfig" }
override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }

2
java/ql/src/Security/CWE/CWE-089/SqlTainted.ql
View File

@@ -14,7 +14,7 @@
import java
import semmle.code.java.dataflow.FlowSources
import SqlInjectionLib
import semmle.code.java.security.SqlInjectionQuery
import DataFlow::PathGraph
from QueryInjectionSink query, DataFlow::PathNode source, DataFlow::PathNode sink

2
java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql
View File

@@ -14,7 +14,7 @@
import semmle.code.java.Expr
import semmle.code.java.dataflow.FlowSources
import SqlInjectionLib
import semmle.code.java.security.SqlInjectionQuery
import DataFlow::PathGraph
class LocalUserInputToQueryInjectionFlowConfig extends TaintTracking::Configuration {

2
java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql
View File

@@ -14,7 +14,7 @@
import java
import semmle.code.java.security.SqlUnescapedLib
import SqlInjectionLib
import semmle.code.java.security.SqlInjectionQuery
class UncontrolledStringBuilderSource extends DataFlow::ExprNode {
UncontrolledStringBuilderSource() {