hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #19260 from smowton/smowton/feature/sanitize-enum-types

Browse Source 
Java: Add EnumType to SimpleTypeSanitizer
This commit is contained in:
Chris Smowton
2025-04-09 16:05:13 +01:00
committed by GitHub
parent 949812243b 7a8dfdb971
commit cc379b543c
2 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Enum-typed values are now assumed to be safe by most queries. This means that queries may return fewer results where an enum value is used in a sensitive context, e.g. pasted into a query string.

3
java/ql/lib/semmle/code/java/security/Sanitizers.qll
View File

@@ -23,6 +23,7 @@ class SimpleTypeSanitizer extends DataFlow::Node {
this.getType() this.getType()
.(RefType) .(RefType)
.getASourceSupertype*() .getASourceSupertype*()
.hasQualifiedName("java.time.temporal", "TemporalAccessor") .hasQualifiedName("java.time.temporal", "TemporalAccessor") or
this.getType() instanceof EnumType
} }
} }