hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 11:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12643 from chmodxxx/sbaddou/jndisanitizer

Browse Source 
Java : Add JndiInjection Sanitizer Class
This commit is contained in:
Tony Torralba
2023-03-24 09:04:54 +01:00
committed by GitHub
parent 9d88f01c82 3eed4b4186
commit c395779b85
3 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/lib/change-notes/2023-03-23-jndi-sanitizer.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added the extensible abstract class `JndiInjectionSanitizer`. Now this class can be extended to add more sanitizers to the `java/jndi-injection` query.

3
java/ql/lib/semmle/code/java/security/JndiInjection.qll
View File

@@ -9,6 +9,9 @@ private import semmle.code.java.frameworks.SpringLdap
/** A data flow sink for unvalidated user input that is used in JNDI lookup. */
abstract class JndiInjectionSink extends DataFlow::Node { }
/** A sanitizer for JNDI injection vulnerabilities. */
abstract class JndiInjectionSanitizer extends DataFlow::Node { }
/**
* A unit class for adding additional taint steps.
*

4
java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll
View File

@@ -17,7 +17,9 @@ class JndiInjectionFlowConfig extends TaintTracking::Configuration {
override predicate isSink(DataFlow::Node sink) { sink instanceof JndiInjectionSink }
override predicate isSanitizer(DataFlow::Node node) {
node.getType() instanceof PrimitiveType or node.getType() instanceof BoxedType
node.getType() instanceof PrimitiveType or
node.getType() instanceof BoxedType or
node instanceof JndiInjectionSanitizer
}
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {