hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 21:34:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add taint step to flow through Spring tainted user data class

Browse Source 
getters.
This commit is contained in:
lcartey@github.com
2020-05-17 23:29:13 +01:00
parent 8678d5fc6f
commit 93c28d4c03
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
View File

@@ -389,6 +389,10 @@ private predicate taintPreservingQualifierToMethod(Method m) {
)
or
m instanceof StringReplaceMethod
or
exists(SpringUntrustedDataType dt |
m.(GetterMethod) = dt.getAMethod()
)
}
private class StringReplaceMethod extends Method {