hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Avoid taint for valueOf(Object)

Browse Source
This commit is contained in:
Benjamin Muskalla
2021-08-03 09:52:52 +02:00
parent b7b74b51a3
commit 8ce841493c
3 changed files with 43 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
java/ql/test/library-tests/dataflow/taint/B.java
View File

@@ -37,6 +37,9 @@ public class B {
// tainted - data preserving method
String valueOf = String.valueOf(complex.toCharArray());
sink(valueOf);
// tainted - data preserving method
String valueOfSubstring = String.valueOf(complex.toCharArray(), 0, 1);
sink(valueOfSubstring);
// tainted - unsafe escape
String badEscape = constructed.replaceAll("(<script>)", "");
sink(badEscape);
@@ -52,7 +55,11 @@ public class B {
// non-whitelisted constructors don't pass taint
StringWrapper herring = new StringWrapper(complex);
sink(herring);
// toString does not pass taint yet
String valueOfObject = String.valueOf(args);
sink(valueOfObject);
// tainted equality check with constant
boolean cond = "foo" == s;
sink(cond);