hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-10 01:10:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Deprecate the content of XssLocalQuery and remove the Xss local query variant.

Browse Source
This commit is contained in:
Michael Nebel
2024-04-30 10:35:37 +02:00
parent 3a2b0a2feb
commit e0c2a43780
3 changed files with 4 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/lib/semmle/code/java/security/XssLocalQuery.qll
View File

@@ -8,7 +8,7 @@ private import semmle.code.java.security.XSS
/**
* A taint-tracking configuration for reasoning about cross-site scripting vulnerabilities from a local source.
*/
module XssLocalConfig implements DataFlow::ConfigSig {
deprecated module XssLocalConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
predicate isSink(DataFlow::Node sink) { sink instanceof XssSink }
@@ -23,6 +23,8 @@ module XssLocalConfig implements DataFlow::ConfigSig {
}
/**
* DEPRECATED: Use `XssFlow` instead and configure threat model sources to include `local`.
*
* Taint-tracking flow for cross-site scripting vulnerabilities from a local source.
*/
module XssLocalFlow = TaintTracking::Global<XssLocalConfig>;
deprecated module XssLocalFlow = TaintTracking::Global<XssLocalConfig>;