hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Apply suggestions from code review

Browse Source 
Co-authored-by: Chris Smowton <smowton@github.com>
This commit is contained in:
Jonathan Leitschuh
2022-02-09 22:14:17 -05:00
committed by GitHub
parent 49a73673b6
commit bafcce17d4
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql
View File

@@ -121,7 +121,7 @@ private class TempDirSystemGetPropertyToCreateConfig extends TaintTracking::Conf
override predicate isSink(DataFlow::Node sink) {
sink instanceof FileCreationSink and
exists(TempDirSystemGetPropertyDirectlyToMkdirConfig config | not config.hasFlowTo(sink))
not any(TempDirSystemGetPropertyDirectlyToMkdirConfig config).hasFlowTo(sink)
}
override predicate isSanitizer(DataFlow::Node sanitizer) {

2
java/ql/src/Security/CWE/CWE-200/TempDirUtils.qll
View File

@@ -44,7 +44,7 @@ class MethodFileCreateTempFile extends Method {
}
/**
* Holds if `expDest` is some constructor call `new java.io.File(x)` and `expSource` is `x`.
* Holds if `expDest` is some constructor call `new java.io.File(expSource)`, where the specific `File` constructor being used has `paramCount` parameters.
*/
predicate isFileConstructorArgument(Expr expSource, Expr exprDest, int paramCount) {
exists(ConstructorCall construtorCall |