hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use RemoteFlowSource instead of UserInput

Browse Source
This commit is contained in:
Tony Torralba
2021-09-02 13:52:42 +02:00
parent 98a12cef26
commit a484e9fb06
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql
View File

@@ -35,7 +35,7 @@ predicate conditionControlsMethod(MethodAccess m, Expr e) {
class ConditionalBypassFlowConfig extends TaintTracking::Configuration { class ConditionalBypassFlowConfig extends TaintTracking::Configuration {
ConditionalBypassFlowConfig() { this = "ConditionalBypassFlowConfig" } ConditionalBypassFlowConfig() { this = "ConditionalBypassFlowConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof UserInput } override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { conditionControlsMethod(_, sink.asExpr()) } override predicate isSink(DataFlow::Node sink) { conditionControlsMethod(_, sink.asExpr()) }
} }