hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Consider File.exists() et al a path-injection sink

Browse Source
This commit is contained in:
Tony Torralba
2024-01-30 10:43:56 +01:00
parent 6e550d28af
commit e2bf9ea2eb
4 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
java/ql/test/library-tests/neutrals/neutralsinks/Test.java
View File

@@ -14,11 +14,9 @@ public class Test {
// java.io
File file = null;
file.exists(); // $ isNeutralSink
file.compareTo(null); // $ isNeutralSink
// java.nio.file
Files.exists(null, (LinkOption[])null); // $ isNeutralSink
Files.getLastModifiedTime(null, (LinkOption[])null); // $ isNeutralSink
Files.getOwner(null, (LinkOption[])null); // $ isNeutralSink
Files.getPosixFilePermissions(null, (LinkOption[])null); // $ isNeutralSink
@@ -30,7 +28,6 @@ public class Test {
Files.isSameFile(null, null); // $ isNeutralSink
Files.isSymbolicLink(null); // $ isNeutralSink
Files.isWritable(null); // $ isNeutralSink
Files.notExists(null, (LinkOption[])null); // $ isNeutralSink
Files.setLastModifiedTime(null, null); // $ isNeutralSink
Files.size(null); // $ isNeutralSink