hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-14 17:31:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

Constrain location overrides to actual sources/sinks

Browse Source
This commit is contained in:
Nora Dimitrijević
2025-10-16 14:19:05 +02:00
parent 96e1536769
commit a0975e7e19
13 changed files with 45 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
java/ql/lib/semmle/code/java/security/CommandLineQuery.qll
View File

@@ -66,9 +66,11 @@ module InputToArgumentToExecFlowConfig implements DataFlow::ConfigSig {
// ExecTainted.ql queries use the argument as the primary location;
// ExecUnescaped.ql does not (used to prevent overlapping results).
Location getASelectedSinkLocation(DataFlow::Node sink) {
result = sink.getLocation()
or
exists(Expr argument | argumentToExec(argument, sink) | result = argument.getLocation())
exists(Expr argument | argumentToExec(argument, sink) |
result = argument.getLocation()
or
result = sink.getLocation()
)
}
}