hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Decouple SpelInjection.qll to reuse the taint tracking configuration

Browse Source
This commit is contained in:
Tony Torralba
2021-07-19 13:26:23 +02:00
parent 569426b04e
commit 94f32d2985
4 changed files with 37 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
java/ql/test/query-tests/security/CWE-094/SpelInjectionTest.ql
View File

@@ -1,21 +1,9 @@
import java
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.SpelInjection
import semmle.code.java.security.SpelInjectionQuery
import TestUtilities.InlineExpectationsTest
class Conf extends TaintTracking::Configuration {
Conf() { this = "test:cwe:spel-injection" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof SpelExpressionEvaluationSink }
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
any(SpelExpressionInjectionAdditionalTaintStep c).step(node1, node2)
}
}
class HasSpelInjectionTest extends InlineExpectationsTest {
HasSpelInjectionTest() { this = "HasSpelInjectionTest" }
@@ -23,7 +11,9 @@ class HasSpelInjectionTest extends InlineExpectationsTest {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "hasSpelInjection" and
exists(DataFlow::Node src, DataFlow::Node sink, Conf conf | conf.hasFlow(src, sink) |
exists(DataFlow::Node src, DataFlow::Node sink, SpelInjectionConfig conf |
conf.hasFlow(src, sink)
|
sink.getLocation() = location and
element = sink.toString() and
value = ""