Java: Identify more APIs as supported in the telemetry queries (as QL defined sinks).

2026-04-25 16:55:19 +02:00 · 2024-04-23 13:27:08 +02:00
parent acb2bbb2a3
commit 9db32f4d26
12 changed files with 233 additions and 45 deletions
--- a/java/ql/src/Telemetry/ExternalApi.qll
+++ b/java/ql/src/Telemetry/ExternalApi.qll
@@ -2,6 +2,7 @@

 private import java
 private import semmle.code.java.dataflow.ApiSources as ApiSources
+private import semmle.code.java.dataflow.ApiSinks as ApiSinks
 private import semmle.code.java.dataflow.DataFlow
 private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.FlowSources
@@ -74,7 +75,7 @@ class ExternalApi extends Callable {

  /** Holds if this API is a known sink. */
  pragma[nomagic]
-  predicate isSink() { sinkNode(this.getAnInput(), _) }
+  predicate isSink() { this.getAnInput() instanceof ApiSinks::SinkNode }

  /** Holds if this API is a known neutral. */
  pragma[nomagic]