hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 21:25:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add taint steps for java.util.Queue methods.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2020-03-12 15:02:06 +01:00
parent 4355f8d2b4
commit 99c55b6edb
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
java/ql/src/semmle/code/java/dataflow/internal/ContainerFlow.qll
View File

@@ -115,11 +115,19 @@ private predicate taintPreservingQualifierToMethod(Method m) {
or
m.(CollectionMethod).hasName("remove") and m.getParameterType(0).(PrimitiveType).hasName("int")
or
m.(CollectionMethod).hasName("remove") and m.getNumberOfParameters() = 0
or
m.(CollectionMethod).hasName("subList")
or
m.(CollectionMethod).hasName("firstElement")
or
m.(CollectionMethod).hasName("lastElement")
or
m.(CollectionMethod).hasName("poll")
or
m.(CollectionMethod).hasName("peek")
or
m.(CollectionMethod).hasName("element")
}
private predicate qualifierToMethodStep(Expr tracked, MethodAccess sink) {
@@ -147,6 +155,8 @@ private predicate taintPreservingArgumentToQualifier(Method method, int arg) {
method.(CollectionMethod).hasName("addElement") and arg = 0
or
method.(CollectionMethod).hasName("set") and arg = 1
or
method.(CollectionMethod).hasName("offer") and arg = 0
}
private predicate argToQualifierStep(Expr tracked, Expr sink) {