hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-22 23:35:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Address reviews - use SimpleTypeSanitizer and alter qldoc style

Browse Source
This commit is contained in:
Joe Farebrother
2024-01-31 11:31:25 +00:00
parent 460ffc89b2
commit 9130603334
2 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/lib/semmle/code/java/frameworks/android/Layout.qll
View File

@@ -50,7 +50,7 @@ private class FindViewMethod extends Method {
}
}
/** Gets a use of the view that has the given id. (i.e. from a call to a method like `findViewById`) */
/** Gets a use of the view that has the given id. (that is, from a call to a method like `findViewById`) */
MethodCall getAUseOfViewWithId(string id) {
exists(string name, NestedClass r_id, Field id_field |
id = ["@+id/", "@id/"] + name and

5
java/ql/lib/semmle/code/java/security/SensitiveUiQuery.qll
View File

@@ -5,6 +5,7 @@ private import semmle.code.java.dataflow.ExternalFlow
private import semmle.code.java.dataflow.TaintTracking
private import semmle.code.java.security.SensitiveActions
private import semmle.code.java.frameworks.android.Layout
private import semmle.code.java.security.Sanitizers
/** A configuration for tracking sensitive information to system notifications. */
private module NotificationTrackingConfig implements DataFlow::ConfigSig {
@@ -63,9 +64,7 @@ private module TextFieldTrackingConfig implements DataFlow::ConfigSig {
)
}
predicate isBarrier(DataFlow::Node node) {
node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType
}
predicate isBarrier(DataFlow::Node node) { node instanceof SimpleTypeSanitizer }
predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
}