hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Query to detect LDAP injections in Java

Browse Source 
Autoformat
This commit is contained in:
Grzegorz Golawski
2020-01-22 21:42:47 +01:00
parent 00ee3d2549
commit bed6a9886f
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
java/ql/src/Security/CWE/CWE-90/LdapInjection.ql
View File

@@ -15,8 +15,7 @@ import semmle.code.java.dataflow.FlowSources
import LdapInjectionLib import LdapInjectionLib
import DataFlow::PathGraph import DataFlow::PathGraph
from from DataFlow::PathNode source, DataFlow::PathNode sink, LdapInjectionFlowConfig conf
DataFlow::PathNode source, DataFlow::PathNode sink, LdapInjectionFlowConfig conf
where conf.hasFlowPath(source, sink) where conf.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "LDAP query might include code from $@.", source.getNode(), select sink.getNode(), source, sink, "LDAP query might include code from $@.", source.getNode(),
"this user input" "this user input"