hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix codescanning alert by tweaking imported modules

Browse Source
This commit is contained in:
Joe Farebrother
2023-09-25 15:47:05 +01:00
parent 3efbbb3645
commit d7c1be40d9
1 changed files with 2 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll
View File

@@ -2,8 +2,6 @@
import csharp
import semmle.code.csharp.dataflow.flowsources.Remote
import DataFlow as DF
import TaintTracking as TT
import ActionMethods
/**
@@ -25,8 +23,8 @@ private predicate hasIdParameter(ActionMethod m) {
// handle cases like `Request.QueryString["Id"]`
exists(StringLiteral idStr, IndexerCall idx |
idStr.getValue().toLowerCase().matches(["%id", "%idx"]) and
TT::localTaint(src, DataFlow::exprNode(idx.getQualifier())) and
DF::localExprFlow(idStr, idx.getArgument(0))
TaintTracking::localTaint(src, DataFlow::exprNode(idx.getQualifier())) and
DataFlow::localExprFlow(idStr, idx.getArgument(0))
)
)
}