Java: Address review comments

lcartey@github.com
2020-08-11 15:28:06 +01:00
parent 5a96ee1a7b
commit 8a65dd2cd6
4 changed files with 9 additions and 9 deletions


@@ -9,7 +9,7 @@ import semmle.code.java.dataflow.TaintTracking
module ExternalAPIs {
/**
* A `Method` which is considered a "safe" external API from a security perspective.
* A `Method` that is considered a "safe" external API from a security perspective.
*/
abstract class SafeExternalAPIMethod extends Method { }
@@ -24,7 +24,7 @@ module ExternalAPIs {
or
getQualifiedName() = "Objects.equals"
or
getDeclaringType().getQualifiedName() = "java.lang.String" and getName() = "equals"
getDeclaringType() instanceof TypeString and getName() = "equals"
or
getDeclaringType().hasQualifiedName("com.google.common.base", "Preconditions")
or
@@ -76,7 +76,7 @@ module ExternalAPIs {
m.getASourceOverriddenMethod() = call.getCallee().getSourceDeclaration() and
m.fromSource()
) and
// Not already modelled as a taint step
// Not already modeled as a taint step
not exists(DataFlow::Node next | TaintTracking::localTaintStep(this, next)) and
// Not a call to a known safe external API
not call.getCallee() instanceof SafeExternalAPIMethod
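Review bot: In the second hunk (`@@ -24,7 +24,7 @@`), the neighbouring disjunct `getQualifiedName() = "Objects.equals"` still identifies the method by a name string, while the new `getDeclaringType() instanceof TypeString` test beside it pins the exact type. If `Method.getQualifiedName()` yields only the declaring type's simple name plus the method name, as I believe it does in this library, then an `equals` method on any class called `Objects` in any package would be classed as safe. Its calls would then be excluded by the `not call.getCallee() instanceof SafeExternalAPIMethod` filter in the last hunk. Consider `getDeclaringType().hasQualifiedName("java.util", "Objects") and getName() = "equals"`, matching the form already used for `Preconditions`. The enclosing predicate starts and ends outside the hunk, so other disjuncts may need the same check.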