Cleanup according to review comments.

2026-05-03 12:45:27 +02:00 · 2020-06-27 18:30:36 +02:00
parent 31a2972eca
commit aff0e0eb25
2 changed files with 2 additions and 2 deletions
--- a/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjection.qhelp
+++ b/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjection.qhelp
@@ -27,7 +27,7 @@ and validate the expressions before evaluation.</p>
 </example>

 <references>
-<li>OGNL library: <a href="https://github.com/jkuhnert/ognl/">OGNL library</a>.</li>
+<li><a href="https://github.com/jkuhnert/ognl/">OGNL library</a>.</li>
 <li>Struts security: <a href="https://struts.apache.org/security/#proactively-protect-from-ognl-expression-injections-attacks-if-easily-applicable">Proactively protect from OGNL Expression Injections attacks</a>.</li>
 </references>
 </qhelp>
--- a/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjectionLib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjectionLib.qll
@@ -49,7 +49,7 @@ class TypeOgnlUtil extends Class {
 */
 predicate ognlSinkMethod(Method m, int index) {
  (
-    m.getDeclaringType() instanceof TypeOgnl and index = 0
+    m.getDeclaringType() instanceof TypeOgnl
    or
    m.getDeclaringType().getAnAncestor*() instanceof TypeNode
  ) and