hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 00:35:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Deprecate the local content of UrlRedirectLocalQuery and remove the local query variant.

Browse Source
This commit is contained in:
Michael Nebel
2024-05-01 10:56:19 +02:00
parent ed7538d0b9
commit d9c7401ea2
3 changed files with 4 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/lib/semmle/code/java/security/UrlRedirectLocalQuery.qll
View File

@@ -7,13 +7,15 @@ private import semmle.code.java.security.UrlRedirect
/**
* A taint-tracking configuration to reason about URL redirection from local sources.
*/
module UrlRedirectLocalConfig implements DataFlow::ConfigSig {
deprecated module UrlRedirectLocalConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
predicate isSink(DataFlow::Node sink) { sink instanceof UrlRedirectSink }
}
/**
* DEPRECATED: Use `UrlRedirectFlow` instead and configure threat model sources to include `local`.
*
* Taint-tracking flow for URL redirection from local sources.
*/
module UrlRedirectLocalFlow = TaintTracking::Global<UrlRedirectLocalConfig>;
deprecated module UrlRedirectLocalFlow = TaintTracking::Global<UrlRedirectLocalConfig>;