hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 21:25:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Model taint for FilterOutputStream

Browse Source
This commit is contained in:
Benjamin Muskalla
2021-11-09 10:20:15 +01:00
parent 1e31416049
commit bfe2e2e0b9
4 changed files with 15 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
View File

@@ -373,7 +373,11 @@ private predicate summaryModelCsv(string row) {
"java.io;StringReader;false;StringReader;;;Argument[0];Argument[-1];taint",
"java.io;CharArrayReader;false;CharArrayReader;;;Argument[0];Argument[-1];taint",
"java.io;BufferedReader;false;BufferedReader;;;Argument[0];Argument[-1];taint",
"java.io;InputStreamReader;false;InputStreamReader;;;Argument[0];Argument[-1];taint"
"java.io;InputStreamReader;false;InputStreamReader;;;Argument[0];Argument[-1];taint",
"java.io;OutputStream;true;write;(byte[]);;Argument[0];Argument[-1];taint",
"java.io;OutputStream;true;write;(byte[],int,int);;Argument[0];Argument[-1];taint",
"java.io;OutputStream;true;write;(int);;Argument[0];Argument[-1];taint",
"java.io;FilterOutputStream;true;FilterOutputStream;(OutputStream);;Argument[0];Argument[-1];taint"
]
}

7
java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
View File

@@ -376,13 +376,6 @@ private predicate argToQualifierStep(Expr tracked, Expr sink) {
* `arg` is the index of the argument.
*/
private predicate taintPreservingArgumentToQualifier(Method method, int arg) {
exists(Method write |
method.overrides*(write) and
write.hasName("write") and
arg = 0 and
write.getDeclaringType().hasQualifiedName("java.io", "OutputStream")
)
or
method.(TaintPreservingCallable).transfersTaint(arg, -1)
}