hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 11:19:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Address review comments on path-injection[read] sub-kind

Browse Source 
- shared/mad/codeql/mad/ModelValidation.qll: shorten the comment
  for `path-injection[%]` to `// Java-only currently`, matching the
  style of other language-scoped entries and dropping API examples
  and the java/zipslip reference.
- java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll: replace
  the `File.exists` example in the QLDoc with `FileReader`, since
  `File.exists` is still labelled plain `path-injection`, not
  `path-injection[read]`.
This commit is contained in:
MarkLee131
2026-04-30 19:06:04 +08:00
parent 90741b15e2
commit 936f0c650c
2 changed files with 3 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll
View File

@@ -55,8 +55,8 @@ module ZipSlipFlow = TaintTracking::Global<ZipSlipConfig>;
*
* This deliberately selects only the `path-injection` sink kind and excludes
* `path-injection[read]`: Zip Slip is an archive-extraction vulnerability, so
* read-only path sinks (e.g. `ClassLoader.getResource`, `FileInputStream`,
* `File.exists`) are outside the threat model.
* read-only path sinks (for example `ClassLoader.getResource`,
* `FileInputStream`, and `FileReader`) are outside the threat model.
*/
private class FileCreationSink extends DataFlow::Node {
FileCreationSink() { sinkNode(this, "path-injection") }