Java: Refactor UnsafeContentUriResolution.

2026-04-30 03:05:15 +02:00 · 2023-03-15 10:32:58 +01:00
parent 4b814ec71c
commit b3b5c2c767
3 changed files with 29 additions and 12 deletions
--- a/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql
+++ b/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql
@@ -14,10 +14,10 @@

 import java
 import semmle.code.java.security.UnsafeContentUriResolutionQuery
-import DataFlow::PathGraph
+import UnsafeContentResolutionFlow::PathGraph

-from DataFlow::PathNode src, DataFlow::PathNode sink
-where any(UnsafeContentResolutionConf c).hasFlowPath(src, sink)
+from UnsafeContentResolutionFlow::PathNode src, UnsafeContentResolutionFlow::PathNode sink
+where UnsafeContentResolutionFlow::hasFlowPath(src, sink)
 select sink.getNode(), src, sink,
  "This ContentResolver method that resolves a URI depends on a $@.", src.getNode(),
  "user-provided value"