hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 02:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add the constraint that the caller method must throw an exception

Browse Source
This commit is contained in:
luchua-bc
2020-11-11 16:47:53 +00:00
parent a83f9ced96
commit dcb7324643
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql
View File

@@ -48,9 +48,10 @@ class UncaughtServletExceptionSink extends DataFlow::ExprNode {
UncaughtServletExceptionSink() {
exists(Method m, MethodAccess ma | ma.getMethod() = m |
isServletMethod(ma.getEnclosingCallable()) and
exists(m.getAThrownExceptionType()) and // The called method might plausibly throw an exception.
ma.getAnArgument() = this.getExpr() and
not exists(TryStmt t |
t.getBlock() = ma.getEnclosingStmt().getEnclosingStmt*() and
t.getBlock() = ma.getAnEnclosingStmt() and
exceptionIsCaught(t, m.getAThrownExceptionType())
)
)