hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-28 02:08:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add bi-directional import of FragmentInjection.

Browse Source
This commit is contained in:
Michael Nebel
2022-11-14 10:52:55 +01:00
parent 663112576a
commit a8ee878356
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
View File

@@ -135,6 +135,7 @@ private module Frameworks {
private import semmle.code.java.security.ResponseSplitting
private import semmle.code.java.security.InformationLeak
private import semmle.code.java.security.Files
private import semmle.code.java.security.FragmentInjection
private import semmle.code.java.security.GroovyInjection
private import semmle.code.java.security.ImplicitPendingIntents
private import semmle.code.java.security.JexlInjectionSinkModels
@@ -613,7 +614,8 @@ module CsvValidation {
"open-url", "jndi-injection", "ldap", "sql", "jdbc-url", "logging", "mvel", "xpath",
"groovy", "xss", "ognl-injection", "intent-start", "pending-intent-sent",
"url-open-stream", "url-redirect", "create-file", "write-file", "set-hostname-verifier",
"header-splitting", "information-leak", "xslt", "jexl", "bean-validation", "ssti"
"header-splitting", "information-leak", "xslt", "jexl", "bean-validation", "ssti",
"fragment-injection"
] and
not kind.matches("regex-use%") and
not kind.matches("qltest%") and