hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 19:55:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Swift: Simplify the QL a bit further.

Browse Source
This commit is contained in:
Geoffrey White
2023-10-13 17:40:03 +01:00
parent d0f214a9a7
commit aa0db1426d
1 changed files with 1 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
swift/ql/lib/codeql/swift/security/XXEExtensions.qll
View File

@@ -172,20 +172,12 @@ private class Libxml2XxeSink extends XxeSink {
Libxml2XxeSink() {
exists(Libxml2ParseCall c, Libxml2BadOption opt |
this.asExpr() = c.getXml() and
lib2xmlOptionLocalTaintStep*(DataFlow::exprNode(opt.getAnAccess()),
TaintTracking::localTaintStep*(DataFlow::exprNode(opt.getAnAccess()),
DataFlow::exprNode(c.getOptions()))
)
}
}
/**
* Holds if taint can flow from `source` to `sink` in one local step,
* including bitwise operations, accesses to `.rawValue`, and casts to `Int32`.
*/
private predicate lib2xmlOptionLocalTaintStep(DataFlow::Node source, DataFlow::Node sink) {
TaintTracking::localTaintStep(source, sink)
}
/**
* A sink defined in a CSV model.
*/