hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 12:15:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Address review comments.

Browse Source
This commit is contained in:
Michael Nebel
2023-10-09 13:06:59 +02:00
parent dca39348ab
commit cf3a62d201
2 changed files with 6 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
View File

@@ -618,7 +618,7 @@ private MethodAccess callReturningSameType(Expr ref) {
}
private SrcRefType entrypointType() {
exists(RemoteFlowSource s, RefType t |
exists(ThreatModelFlowSource s, RefType t |
s instanceof DataFlow::ExplicitParameterNode and
t = pragma[only_bind_out](s).getType() and
not t instanceof TypeObject and
@@ -629,6 +629,10 @@ private SrcRefType entrypointType() {
}
private predicate entrypointFieldStep(DataFlow::Node src, DataFlow::Node sink) {
src = DataFlow::getFieldQualifier(sink.asExpr().(FieldRead)) and
exists(FieldRead fa |
fa = sink.asExpr() and
src = DataFlow::getFieldQualifier(fa) and
not fa.getField().isStatic()
) and
src.getType().(RefType).getSourceDeclaration() = entrypointType()
}