Add beanValidation remote source

Alvaro Muñoz
2020-10-27 15:45:17 +01:00
parent 3dcd8acf97
commit a36970f306


@@ -183,6 +183,23 @@ private class WebSocketMessageParameterSource extends RemoteFlowSource {
override string getSourceType() { result = "Websocket onText parameter" }
}
private class BeanValidationSource extends RemoteFlowSource {
BeanValidationSource() {
exists(Method m, Parameter v |
this.asParameter() = v and
m.getParameter(0) = v and
m
.getDeclaringType()
.getASourceSupertype+()
.hasQualifiedName("javax.validation", "ConstraintValidator") and
m.hasName("isValid") and
m.fromSource()
)
}
override string getSourceType() { result = "BeanValidation source" }
}
/** Class for `tainted` user input. */
abstract class UserInput extends DataFlow::Node { }
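Review bot: The characteristic predicate of `BeanValidationSource` identifies the validator method by name only (`m.hasName("isValid")`), so any helper or overload called `isValid` declared in a `ConstraintValidator` implementation has its first parameter treated as remote input. Adding `m.getNumberOfParameters() = 2`, or requiring that `m` overrides the interface method, would limit the source to the callback that actually receives the value under validation. The type check also covers only the `javax.validation` package, so validators written against `jakarta.validation.ConstraintValidator` would presumably not be modelled and flows through them would go unreported. The class has no QLDoc; a line such as `/** The value parameter of a ConstraintValidator.isValid implementation. */` would record why it counts as a remote source.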