hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: Don't use the deprecated Configuration2

Browse Source
This commit is contained in:
Jonas Jensen
2019-08-20 12:56:53 +02:00
parent aeb2323128
commit 9ac0cdd2a2
4 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
java/ql/src/Security/CWE/CWE-079/XSS.ql
View File

@@ -12,10 +12,11 @@
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking2
import semmle.code.java.security.XSS
import DataFlow2::PathGraph
class XSSConfig extends TaintTracking::Configuration2 {
class XSSConfig extends TaintTracking2::Configuration {
XSSConfig() { this = "XSSConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

3
java/ql/src/Security/CWE/CWE-079/XSSLocal.ql
View File

@@ -12,10 +12,11 @@
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking2
import semmle.code.java.security.XSS
import DataFlow2::PathGraph
class XSSLocalConfig extends TaintTracking::Configuration2 {
class XSSLocalConfig extends TaintTracking2::Configuration {
XSSLocalConfig() { this = "XSSLocalConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }

5
java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql
View File

@@ -14,6 +14,7 @@
import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.TaintTracking2
import semmle.code.java.security.XSS
/**
@@ -80,7 +81,7 @@ predicate stackTraceExpr(Expr exception, MethodAccess stackTraceString) {
)
}
class StackTraceStringToXssSinkFlowConfig extends TaintTracking::Configuration2 {
class StackTraceStringToXssSinkFlowConfig extends TaintTracking2::Configuration {
StackTraceStringToXssSinkFlowConfig() {
this = "StackTraceExposure::StackTraceStringToXssSinkFlowConfig"
}
@@ -119,7 +120,7 @@ class GetMessageFlowSource extends MethodAccess {
}
}
class GetMessageFlowSourceToXssSinkFlowConfig extends TaintTracking::Configuration2 {
class GetMessageFlowSourceToXssSinkFlowConfig extends TaintTracking2::Configuration {
GetMessageFlowSourceToXssSinkFlowConfig() {
this = "StackTraceExposure::GetMessageFlowSourceToXssSinkFlowConfig"
}

3
java/ql/src/Security/CWE/CWE-611/XXE.ql
View File

@@ -13,9 +13,10 @@
import java
import XmlParsers
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking2
import DataFlow::PathGraph
class SafeSAXSourceFlowConfig extends TaintTracking::Configuration2 {
class SafeSAXSourceFlowConfig extends TaintTracking2::Configuration {
SafeSAXSourceFlowConfig() { this = "XmlParsers::SafeSAXSourceFlowConfig" }
override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SafeSAXSource }