hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 16:25:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add java.lang.Number as a sanitizer for SQL injection.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2020-01-30 12:01:36 +01:00
parent d0ac846cac
commit a167577551
2 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/src/Security/CWE/CWE-089/SqlInjectionLib.qll
View File

@@ -54,7 +54,9 @@ private class QueryInjectionFlowConfig extends TaintTracking::Configuration {
override predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }
override predicate isSanitizer(DataFlow::Node node) {
node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType
node.getType() instanceof PrimitiveType or
node.getType() instanceof BoxedType or
node.getType() instanceof NumberType
}
}

10
java/ql/src/semmle/code/java/JDK.qll
View File

@@ -101,6 +101,16 @@ class TypeMath extends Class {
TypeMath() { this.hasQualifiedName("java.lang", "Math") }
}
/** The class `java.lang.Number`. */
class TypeNumber extends RefType {
TypeNumber() { this.hasQualifiedName("java.lang", "Number") }
}
/** A (reflexive, transitive) subtype of `java.lang.Number`. */
class NumberType extends RefType {
NumberType() { exists(TypeNumber number | hasSubtype*(number, this)) }
}
/** A numeric type, including both primitive and boxed types. */
class NumericType extends Type {
NumericType() {