hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix a mistake ioutil => io/ioutil

Browse Source
This commit is contained in:
amammad
2023-09-06 03:38:06 +10:00
parent f79bd2a071
commit c76d0d364d
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
go/ql/src/experimental/CWE-522-DecompressionBombs/DecompressionBombs.ql
View File

@@ -16,6 +16,7 @@ import semmle.go.dataflow.Properties
import semmle.go.security.FlowSources
import CmdLineFlowSource
module DecompressionBombs implements DataFlow::StateConfigSig {
class FlowState = DataFlow::FlowState;
@@ -24,9 +25,8 @@ module DecompressionBombs implements DataFlow::StateConfigSig {
source instanceof UntrustedFlowSource
or
source instanceof CmdLineFlowSource
// uncomment following source to be able to detect https://github.com/advisories/GHSA-jpxj-2jvg-6jv9
// or
// source.asParameter() = any(Parameter p)
or
source.asParameter() = any(Parameter p)
) and
state =
[
@@ -59,7 +59,7 @@ module DecompressionBombs implements DataFlow::StateConfigSig {
sink = f.getACall().getReceiver()
)
or
exists(DataFlow::Function f | f.hasQualifiedName("ioutil", "ReadAll") |
exists(DataFlow::Function f | f.hasQualifiedName("io/ioutil", "ReadAll") |
sink = f.getACall().getArgument(0)
)
or