add type requirement to the new Uri sanitizers

erik-krogh
2024-02-13 13:10:38 +01:00
parent 4dae8d0bb4
commit d31bfc06c2


@@ -167,7 +167,7 @@ class ContainsUrlSanitizer extends Sanitizer {
private predicate isRelativeUrlSanitizer(Guard guard, Expr e, AbstractValue v) {
exists(PropertyAccess access | access = guard |
access.getProperty().getName() = "IsAbsoluteUri" and
// TOOD: type = URL?
access.getQualifier().getType().getFullyQualifiedName() = "System.Uri" and
e = access.getQualifier() and
v.(AbstractValues::BooleanValue).getValue() = false
)
@@ -190,6 +190,7 @@ private predicate isHostComparisonSanitizer(Guard guard, Expr e, AbstractValue v
exists(EqualityOperation comparison | comparison = guard |
exists(PropertyAccess access | access = comparison.getAnOperand() |
access.getProperty().getName() = "Host" and
access.getQualifier().getType().getFullyQualifiedName() = "System.Uri" and
e = access.getQualifier()
) and
if comparison instanceof EQExpr
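Review bot: The type test added to both `isRelativeUrlSanitizer` and `isHostComparisonSanitizer` compares the qualifier's static type with the exact name "System.Uri", so a qualifier typed as a class derived from `System.Uri` is no longer recognised as sanitized. That errs toward extra alerts rather than missed ones, but the choice deserves a short comment in place of the removed TODO, for example `// only System.Uri itself: IsAbsoluteUri/Host on other types may not have these semantics`. The same line now appears twice, so a small private helper predicate would keep the two sanitizers in step. The two-argument form `access.getQualifier().getType().hasFullyQualifiedName("System", "Uri")` would also avoid building and comparing the full name string. Both predicate bodies continue outside the visible hunks, so how the other operand of the `Host` comparison is constrained cannot be judged from here.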