Update Sql Injection queries

move java/ql/src/Security/CWE/CWE-089/SqlInjectionLib.qll -> java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll
2025-12-24 12:46:34 +01:00 · 2022-04-06 10:57:14 +02:00
parent ccd7bb5e70
commit abaa71e2c5
4 changed files with 11 additions and 5 deletions
--- a/java/ql/src/Security/CWE/CWE-089/SqlInjectionLib.qll
+++ b/java/ql/src/Security/CWE/CWE-089/SqlInjectionLib.qll
@@ -1,33 +0,0 @@
-/** Definitions used by the queries for database query injection. */
-
-import java
-import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.security.QueryInjection
-
-private class QueryInjectionFlowConfig extends TaintTracking::Configuration {
-  QueryInjectionFlowConfig() { this = "SqlInjectionLib::QueryInjectionFlowConfig" }
-
-  override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }
-
-  override predicate isSanitizer(DataFlow::Node node) {
-    node.getType() instanceof PrimitiveType or
-    node.getType() instanceof BoxedType or
-    node.getType() instanceof NumberType
-  }
-
-  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    any(AdditionalQueryInjectionTaintStep s).step(node1, node2)
-  }
-}
-
-/**
- * Implementation of `SqlTainted.ql`. This is extracted to a QLL so that it
- * can be excluded from `SqlUnescaped.ql` to avoid overlapping results.
- */
-predicate queryTaintedBy(
-  QueryInjectionSink query, DataFlow::PathNode source, DataFlow::PathNode sink
-) {
-  exists(QueryInjectionFlowConfig conf | conf.hasFlowPath(source, sink) and sink.getNode() = query)
-}
--- a/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql
+++ b/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql
@@ -14,7 +14,7 @@

 import java
 import semmle.code.java.dataflow.FlowSources
-import SqlInjectionLib
+import semmle.code.java.security.SqlInjectionQuery
 import DataFlow::PathGraph

 from QueryInjectionSink query, DataFlow::PathNode source, DataFlow::PathNode sink
--- a/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql
@@ -14,7 +14,7 @@

 import semmle.code.java.Expr
 import semmle.code.java.dataflow.FlowSources
-import SqlInjectionLib
+import semmle.code.java.security.SqlInjectionQuery
 import DataFlow::PathGraph

 class LocalUserInputToQueryInjectionFlowConfig extends TaintTracking::Configuration {
--- a/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql
+++ b/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql
@@ -14,7 +14,7 @@

 import java
 import semmle.code.java.security.SqlUnescapedLib
-import SqlInjectionLib
+import semmle.code.java.security.SqlInjectionQuery

 class UncontrolledStringBuilderSource extends DataFlow::ExprNode {
  UncontrolledStringBuilderSource() {