hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

change string match to regex match

Browse Source
This commit is contained in:
retanoj
2022-12-06 21:50:09 +08:00
parent 2bbd37f9ab
commit b0c86d8e51
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/experimental/Security/CWE/CWE-089/MyBatisCommonLib.qll
View File

@@ -154,7 +154,7 @@ predicate isMybatisXmlOrAnnotationSqlInjection(
or
unsafeExpression.matches("${arg" + i + "%}")
or
unsafeExpression.matches("${" + ma.getMethod().getParameter(i).getName() + "}")
unsafeExpression.regexpMatch("\\$\\{\\s*" + ma.getMethod().getParameter(i).getName() + "\\s*(,.*?)?\\s*\\}")
) and
ma.getArgument(i) = node.asExpr()
)