hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Expand ExactPathSanitizer to work on the argument of 'equals' too

Browse Source
This commit is contained in:
Tony Torralba
2024-02-15 09:54:29 +01:00
parent 8aff913c3c
commit 90a9d82b9d
4 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/lib/semmle/code/java/security/PathSanitizer.qll
View File

@@ -56,7 +56,7 @@ private predicate exactPathMatchGuard(Guard g, Expr e, boolean branch) {
t instanceof StringsKt or
t instanceof FilesKt
|
e = getVisualQualifier(ma).getUnderlyingExpr() and
e = [getVisualQualifier(ma).getUnderlyingExpr(), getVisualArgument(ma, 0)] and
ma.getMethod().getDeclaringType() = t and
ma = g and
getSourceMethod(ma.getMethod()).hasName(["equals", "equalsIgnoreCase"]) and