hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Clean up MVEL injection query

Browse Source
This commit is contained in:
Artem Smotrakov
2020-06-05 17:22:45 +03:00
parent 2842aeee72
commit b7c3dd666c
2 changed files with 1 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
java/ql/src/experimental/Security/CWE/CWE-094/MvelInjection.qhelp
View File

@@ -23,6 +23,7 @@ The following example uses untrusted data to build a MVEL expression
and then runs it in the default powerfull context.
</p>
<sample src="UnsafeMvelExpressionEvaluation.java" />
</example>
<references>
<li>

4
java/ql/src/experimental/Security/CWE/CWE-094/MvelInjectionLib.qll
View File

@@ -100,10 +100,6 @@ predicate createCompiledAccExpressionStep(DataFlow::Node node1, DataFlow::Node n
)
}
predicate test() {
exists(ConstructorCall cc | cc.getConstructedType() instanceof CompiledAccExpression)
}
/**
* Holds if `node1` to `node2` is a dataflow step that compiles a MVEL expression
* by calling `ExpressionCompiler.compile()`.