hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Refactor Security.CWE.CWE-643.XPathInjection

Browse Source
This commit is contained in:
Ed Minnix
2023-03-15 15:16:50 -04:00
parent 271d50ba99
commit a9561a97c3
1 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
java/ql/src/Security/CWE/CWE-643/XPathInjection.ql
View File

@@ -15,17 +15,18 @@ import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.security.XPath
import DataFlow::PathGraph
class XPathInjectionConfiguration extends TaintTracking::Configuration {
XPathInjectionConfiguration() { this = "XPathInjection" }
private module XPathInjectionConfiguration implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink }
predicate isSink(DataFlow::Node sink) { sink instanceof XPathInjectionSink }
}
from DataFlow::PathNode source, DataFlow::PathNode sink, XPathInjectionConfiguration c
where c.hasFlowPath(source, sink)
module XPathInjectionFlow = TaintTracking::Make<XPathInjectionConfiguration>;
import XPathInjectionFlow::PathGraph
from XPathInjectionFlow::PathNode source, XPathInjectionFlow::PathNode sink
where XPathInjectionFlow::hasFlowPath(source, sink)
select sink.getNode(), source, sink, "XPath expression depends on a $@.", source.getNode(),
"user-provided value"