Java: Add taint step to flow through Spring tainted user data class

getters.
This commit is contained in:
lcartey@github.com
2020-05-17 23:29:13 +01:00
parent 8678d5fc6f
commit 93c28d4c03

View File

@@ -389,6 +389,10 @@ private predicate taintPreservingQualifierToMethod(Method m) {
)
or
m instanceof StringReplaceMethod
or
exists(SpringUntrustedDataType dt |
m.(GetterMethod) = dt.getAMethod()
)
}
private class StringReplaceMethod extends Method {