hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Deprecate the content of ExternallyControlledFormatStringLocalQuery and remove the externally controlled format string local query variant.

Browse Source
This commit is contained in:
Michael Nebel
2024-04-30 14:40:24 +02:00
parent 85a4dd0325
commit acd0fa4b7b
7 changed files with 26 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringLocalQuery.qll
View File

@@ -5,7 +5,7 @@ private import semmle.code.java.dataflow.FlowSources
private import semmle.code.java.StringFormat
/** A taint-tracking configuration to reason about externally-controlled format strings from local sources. */
module ExternallyControlledFormatStringLocalConfig implements DataFlow::ConfigSig {
deprecated module ExternallyControlledFormatStringLocalConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
predicate isSink(DataFlow::Node sink) {
@@ -18,7 +18,9 @@ module ExternallyControlledFormatStringLocalConfig implements DataFlow::ConfigSi
}
/**
* DEPRECATED: Use `ExternallyControlledFormatStringFlow` instead and configure threat model sources to include `local`.
*
* Taint-tracking flow for externally-controlled format strings from local sources.
*/
module ExternallyControlledFormatStringLocalFlow =
deprecated module ExternallyControlledFormatStringLocalFlow =
TaintTracking::Global<ExternallyControlledFormatStringLocalConfig>;