Remove CSV data from query

Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2026-04-29 10:45:15 +02:00 · 2021-03-09 10:50:15 +00:00
parent ed228cbcef
commit bd4a414abd
1 changed files with 7 additions and 8 deletions
--- a/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql
@@ -22,13 +22,6 @@ class URLConstructor extends ClassInstanceExpr {
  }
 }

-class URLOpenStreamCsv extends SinkModelCsv {
-  override predicate row(string row) {
-    //"package;type;overrides;name;signature;ext;inputspec;kind",
-    row = "java.net;URL;true;openStream;();;Argument[-1];url-open-stream"
-  }
-}
-
 class URLOpenStreamMethod extends Method {
  URLOpenStreamMethod() {
    this.getDeclaringType() instanceof TypeUrl and
@@ -41,7 +34,13 @@ class RemoteURLToOpenStreamFlowConfig extends TaintTracking::Configuration {

  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

-  override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "url-open-stream") }
+  override predicate isSink(DataFlow::Node sink) {
+    exists(MethodAccess m |
+      sink.asExpr() = m.getQualifier() and m.getMethod() instanceof URLOpenStreamMethod
+    )
+    or
+    sinkNode(sink, "url-open-stream")
+  }

  override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
    exists(URLConstructor u |