hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 18:33:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Expand log injection sanitizers to annotation regex matches

Browse Source
This commit is contained in:
Owen Mansel-Chan
2026-02-14 08:26:26 +00:00
parent 924bb92d91
commit 9fc95f5171
2 changed files with 15 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
java/ql/lib/semmle/code/java/security/LogInjection.qll
View File

@@ -64,11 +64,12 @@ private predicate stringMethodArgumentValueMatches(CompileTimeConstantExpr const
}
/**
* Holds if the return value of `ma` is sanitized against log injection attacks
* by removing line breaks from it.
* Holds if `e` is sanitized against log injection attacks by removing line
* breaks from it.
*/
private predicate logInjectionSanitizer(MethodCall ma) {
exists(CompileTimeConstantExpr target, CompileTimeConstantExpr replacement |
private predicate logInjectionSanitizer(Expr e) {
exists(MethodCall ma, CompileTimeConstantExpr target, CompileTimeConstantExpr replacement |
e = ma and
stringMethodCall(ma, target, replacement) and
not stringMethodArgumentValueMatches(replacement, ["%\n%", "%\r%"])
|
@@ -89,6 +90,13 @@ private predicate logInjectionSanitizer(MethodCall ma) {
target.getStringValue() = ["\n", "\r", "\\n", "\\r", "\\R"]
)
)
or
exists(RegexMatch rm, CompileTimeConstantExpr target |
rm instanceof Annotation and
e = rm.getASanitizedExpr() and
target = rm.getRegex() and
regexPreventsLogInjection(target.getStringValue(), true)
)
}
/**