hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 01:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into amammad-java-bombs

Browse Source
This commit is contained in:
Owen Mansel-Chan
2024-07-18 21:28:23 +01:00
committed by GitHub
parent 7bb7d83b26 9a729144e8
commit 9a66e66d66
2888 changed files with 121408 additions and 94224 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.qll
View File

@@ -72,7 +72,7 @@ class ArrayInitAtNonZeroIndex extends DataFlow::Node {
class StreamConcatAtNonZeroIndex extends DataFlow::Node {
StreamConcatAtNonZeroIndex() {
exists(MethodCall call, int index |
call.getMethod().getQualifiedName() = "java.util.stream.Stream.concat" and
call.getMethod().hasQualifiedName("java.util.stream", "Stream", "concat") and
call.getArgument(index) = this.asExpr() and
index != 0
)

5
java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql
View File

@@ -14,7 +14,7 @@
import java
import semmle.code.java.security.CommandLineQuery
import RemoteUserInputToArgumentToExecFlow::PathGraph
import InputToArgumentToExecFlow::PathGraph
private import semmle.code.java.dataflow.ExternalFlow
private class ActivateModels extends ActiveExperimentalModels {
@@ -23,8 +23,7 @@ private class ActivateModels extends ActiveExperimentalModels {
// This is a clone of query `java/command-line-injection` that also includes experimental sinks.
from
RemoteUserInputToArgumentToExecFlow::PathNode source,
RemoteUserInputToArgumentToExecFlow::PathNode sink, Expr execArg
InputToArgumentToExecFlow::PathNode source, InputToArgumentToExecFlow::PathNode sink, Expr execArg
where execIsTainted(source, sink, execArg)
select execArg, source, sink, "This command line depends on a $@.", source.getNode(),
"user-provided value"

3
java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql
View File

@@ -72,8 +72,7 @@ class HostVerificationMethodCall extends MethodCall {
exists(MethodCall ma, Method m, Field f |
this.getArgument(0) = ma and
ma.getMethod() = m and
m.hasName("getString") and
m.getDeclaringType().getQualifiedName() = "android.content.res.Resources" and
m.hasQualifiedName("android.content.res", "Resources", "getString") and
ma.getArgument(0).(FieldRead).getField() = f and
f.getDeclaringType() instanceof AndroidRString
) //Check resource properties in /res/values/strings.xml in Android mobile applications using res.getString(R.string.key)