hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add more type-based sanitizers.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2024-09-25 10:03:55 +02:00
parent 590e93d8ed
commit aaecb9bb7a
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
java/ql/lib/semmle/code/java/security/Sanitizers.qll
View File

@@ -13,6 +13,16 @@ class SimpleTypeSanitizer extends DataFlow::Node {
this.getType() instanceof BoxedType or
this.getType() instanceof NumberType or
this.getType().(RefType).hasQualifiedName("java.util", "UUID") or
this.getType().(RefType).hasQualifiedName("java.util", "Date")
this.getType().(RefType).getASourceSupertype*().hasQualifiedName("java.util", "Date") or
this.getType().(RefType).hasQualifiedName("java.util", "Calendar") or
this.getType().(RefType).hasQualifiedName("java.util", "BitSet") or
this.getType()
.(RefType)
.getASourceSupertype*()
.hasQualifiedName("java.time.temporal", "TemporalAmount") or
this.getType()
.(RefType)
.getASourceSupertype*()
.hasQualifiedName("java.time.temporal", "TemporalAccessor")
}
}