hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Move pattern check to MatchRegexConfiguration::isSink

Browse Source
This commit is contained in:
luchua-bc
2022-08-30 22:48:12 +00:00
parent 3e382fd47c
commit e2e87980cc
3 changed files with 22 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
java/ql/test/experimental/query-tests/security/CWE-625/PermissiveDotRegex.expected
View File

@@ -1,23 +1,9 @@
edges
| DotRegexFilter.java:16:30:16:46 | PROTECTED_PATTERN : String | DotRegexFilter.java:31:31:31:47 | PROTECTED_PATTERN |
| DotRegexFilter.java:16:50:16:64 | "/protected/.*" : String | DotRegexFilter.java:16:30:16:46 | PROTECTED_PATTERN : String |
| DotRegexFilter.java:29:19:29:43 | getPathInfo(...) : String | DotRegexFilter.java:32:25:32:30 | source |
| DotRegexFilter.java:50:19:50:43 | getPathInfo(...) : String | DotRegexFilter.java:53:25:53:30 | source |
| DotRegexServlet.java:12:30:12:46 | PROTECTED_PATTERN : String | DotRegexServlet.java:21:31:21:47 | PROTECTED_PATTERN |
| DotRegexServlet.java:12:30:12:46 | PROTECTED_PATTERN : String | DotRegexServlet.java:59:36:59:52 | PROTECTED_PATTERN |
| DotRegexServlet.java:12:30:12:46 | PROTECTED_PATTERN : String | DotRegexServlet.java:77:37:77:53 | PROTECTED_PATTERN |
| DotRegexServlet.java:12:30:12:46 | PROTECTED_PATTERN : String | DotRegexServlet.java:114:31:114:47 | PROTECTED_PATTERN |
| DotRegexServlet.java:12:50:12:64 | "/protected/.*" : String | DotRegexServlet.java:12:30:12:46 | PROTECTED_PATTERN : String |
| DotRegexServlet.java:19:19:19:39 | getPathInfo(...) : String | DotRegexServlet.java:22:25:22:30 | source |
| DotRegexServlet.java:38:19:38:39 | getPathInfo(...) : String | DotRegexServlet.java:41:25:41:30 | source |
| DotRegexServlet.java:57:19:57:41 | getRequestURI(...) : String | DotRegexServlet.java:59:21:59:26 | source |
| DotRegexServlet.java:75:19:75:39 | getPathInfo(...) : String | DotRegexServlet.java:77:56:77:61 | source |
| DotRegexServlet.java:93:19:93:39 | getPathInfo(...) : String | DotRegexServlet.java:96:25:96:30 | source |
| DotRegexServlet.java:112:19:112:39 | getPathInfo(...) : String | DotRegexServlet.java:115:25:115:30 | source |
| DotRegexServlet.java:133:19:133:39 | getPathInfo(...) : String | DotRegexServlet.java:136:25:136:30 | source |
| DotRegexSpring.java:15:30:15:46 | PROTECTED_PATTERN : String | DotRegexSpring.java:21:31:21:47 | PROTECTED_PATTERN |
| DotRegexSpring.java:15:30:15:46 | PROTECTED_PATTERN : String | DotRegexSpring.java:38:31:38:47 | PROTECTED_PATTERN |
| DotRegexSpring.java:15:50:15:64 | "/protected/.*" : String | DotRegexSpring.java:15:30:15:46 | PROTECTED_PATTERN : String |
| DotRegexSpring.java:20:26:20:50 | path : String | DotRegexSpring.java:22:21:22:24 | path : String |
| DotRegexSpring.java:22:10:22:25 | decodePath(...) : String | DotRegexSpring.java:23:25:23:28 | path |
| DotRegexSpring.java:22:21:22:24 | path : String | DotRegexSpring.java:22:10:22:25 | decodePath(...) : String |
@@ -26,59 +12,30 @@ edges
| DotRegexSpring.java:39:10:39:25 | decodePath(...) : String | DotRegexSpring.java:40:25:40:28 | path |
| DotRegexSpring.java:39:21:39:24 | path : String | DotRegexSpring.java:39:10:39:25 | decodePath(...) : String |
| DotRegexSpring.java:39:21:39:24 | path : String | DotRegexSpring.java:69:28:69:38 | path : String |
| DotRegexSpring.java:54:34:54:58 | path : String | DotRegexSpring.java:56:21:56:24 | path : String |
| DotRegexSpring.java:56:10:56:25 | decodePath(...) : String | DotRegexSpring.java:57:25:57:28 | path |
| DotRegexSpring.java:56:21:56:24 | path : String | DotRegexSpring.java:56:10:56:25 | decodePath(...) : String |
| DotRegexSpring.java:56:21:56:24 | path : String | DotRegexSpring.java:69:28:69:38 | path : String |
| DotRegexSpring.java:69:28:69:38 | path : String | DotRegexSpring.java:71:29:71:32 | path : String |
| DotRegexSpring.java:69:28:69:38 | path : String | DotRegexSpring.java:73:10:73:13 | path : String |
| DotRegexSpring.java:71:11:71:42 | decode(...) : String | DotRegexSpring.java:71:29:71:32 | path : String |
| DotRegexSpring.java:71:11:71:42 | decode(...) : String | DotRegexSpring.java:73:10:73:13 | path : String |
| DotRegexSpring.java:71:29:71:32 | path : String | DotRegexSpring.java:71:11:71:42 | decode(...) : String |
nodes
| DotRegexFilter.java:16:30:16:46 | PROTECTED_PATTERN : String | semmle.label | PROTECTED_PATTERN : String |
| DotRegexFilter.java:16:50:16:64 | "/protected/.*" : String | semmle.label | "/protected/.*" : String |
| DotRegexFilter.java:29:19:29:43 | getPathInfo(...) : String | semmle.label | getPathInfo(...) : String |
| DotRegexFilter.java:31:31:31:47 | PROTECTED_PATTERN | semmle.label | PROTECTED_PATTERN |
| DotRegexFilter.java:32:25:32:30 | source | semmle.label | source |
| DotRegexFilter.java:50:19:50:43 | getPathInfo(...) : String | semmle.label | getPathInfo(...) : String |
| DotRegexFilter.java:53:25:53:30 | source | semmle.label | source |
| DotRegexServlet.java:12:30:12:46 | PROTECTED_PATTERN : String | semmle.label | PROTECTED_PATTERN : String |
| DotRegexServlet.java:12:50:12:64 | "/protected/.*" : String | semmle.label | "/protected/.*" : String |
| DotRegexServlet.java:19:19:19:39 | getPathInfo(...) : String | semmle.label | getPathInfo(...) : String |
| DotRegexServlet.java:21:31:21:47 | PROTECTED_PATTERN | semmle.label | PROTECTED_PATTERN |
| DotRegexServlet.java:22:25:22:30 | source | semmle.label | source |
| DotRegexServlet.java:38:19:38:39 | getPathInfo(...) : String | semmle.label | getPathInfo(...) : String |
| DotRegexServlet.java:41:25:41:30 | source | semmle.label | source |
| DotRegexServlet.java:57:19:57:41 | getRequestURI(...) : String | semmle.label | getRequestURI(...) : String |
| DotRegexServlet.java:59:21:59:26 | source | semmle.label | source |
| DotRegexServlet.java:59:36:59:52 | PROTECTED_PATTERN | semmle.label | PROTECTED_PATTERN |
| DotRegexServlet.java:75:19:75:39 | getPathInfo(...) : String | semmle.label | getPathInfo(...) : String |
| DotRegexServlet.java:77:37:77:53 | PROTECTED_PATTERN | semmle.label | PROTECTED_PATTERN |
| DotRegexServlet.java:77:56:77:61 | source | semmle.label | source |
| DotRegexServlet.java:93:19:93:39 | getPathInfo(...) : String | semmle.label | getPathInfo(...) : String |
| DotRegexServlet.java:96:25:96:30 | source | semmle.label | source |
| DotRegexServlet.java:112:19:112:39 | getPathInfo(...) : String | semmle.label | getPathInfo(...) : String |
| DotRegexServlet.java:114:31:114:47 | PROTECTED_PATTERN | semmle.label | PROTECTED_PATTERN |
| DotRegexServlet.java:115:25:115:30 | source | semmle.label | source |
| DotRegexServlet.java:133:19:133:39 | getPathInfo(...) : String | semmle.label | getPathInfo(...) : String |
| DotRegexServlet.java:136:25:136:30 | source | semmle.label | source |
| DotRegexSpring.java:15:30:15:46 | PROTECTED_PATTERN : String | semmle.label | PROTECTED_PATTERN : String |
| DotRegexSpring.java:15:50:15:64 | "/protected/.*" : String | semmle.label | "/protected/.*" : String |
| DotRegexSpring.java:20:26:20:50 | path : String | semmle.label | path : String |
| DotRegexSpring.java:21:31:21:47 | PROTECTED_PATTERN | semmle.label | PROTECTED_PATTERN |
| DotRegexSpring.java:22:10:22:25 | decodePath(...) : String | semmle.label | decodePath(...) : String |
| DotRegexSpring.java:22:21:22:24 | path : String | semmle.label | path : String |
| DotRegexSpring.java:23:25:23:28 | path | semmle.label | path |
| DotRegexSpring.java:37:40:37:64 | path : String | semmle.label | path : String |
| DotRegexSpring.java:38:31:38:47 | PROTECTED_PATTERN | semmle.label | PROTECTED_PATTERN |
| DotRegexSpring.java:39:10:39:25 | decodePath(...) : String | semmle.label | decodePath(...) : String |
| DotRegexSpring.java:39:21:39:24 | path : String | semmle.label | path : String |
| DotRegexSpring.java:40:25:40:28 | path | semmle.label | path |
| DotRegexSpring.java:54:34:54:58 | path : String | semmle.label | path : String |
| DotRegexSpring.java:56:10:56:25 | decodePath(...) : String | semmle.label | decodePath(...) : String |
| DotRegexSpring.java:56:21:56:24 | path : String | semmle.label | path : String |
| DotRegexSpring.java:57:25:57:28 | path | semmle.label | path |
| DotRegexSpring.java:69:28:69:38 | path : String | semmle.label | path : String |
| DotRegexSpring.java:71:11:71:42 | decode(...) : String | semmle.label | decode(...) : String |
| DotRegexSpring.java:71:29:71:32 | path : String | semmle.label | path : String |
@@ -86,7 +43,6 @@ nodes
subpaths
| DotRegexSpring.java:22:21:22:24 | path : String | DotRegexSpring.java:69:28:69:38 | path : String | DotRegexSpring.java:73:10:73:13 | path : String | DotRegexSpring.java:22:10:22:25 | decodePath(...) : String |
| DotRegexSpring.java:39:21:39:24 | path : String | DotRegexSpring.java:69:28:69:38 | path : String | DotRegexSpring.java:73:10:73:13 | path : String | DotRegexSpring.java:39:10:39:25 | decodePath(...) : String |
| DotRegexSpring.java:56:21:56:24 | path : String | DotRegexSpring.java:69:28:69:38 | path : String | DotRegexSpring.java:73:10:73:13 | path : String | DotRegexSpring.java:56:10:56:25 | decodePath(...) : String |
#select
| DotRegexFilter.java:32:25:32:30 | source | DotRegexFilter.java:29:19:29:43 | getPathInfo(...) : String | DotRegexFilter.java:32:25:32:30 | source | Potentially authentication bypass due to $@. | DotRegexFilter.java:29:19:29:43 | getPathInfo(...) | user-provided value |
| DotRegexServlet.java:22:25:22:30 | source | DotRegexServlet.java:19:19:19:39 | getPathInfo(...) : String | DotRegexServlet.java:22:25:22:30 | source | Potentially authentication bypass due to $@. | DotRegexServlet.java:19:19:19:39 | getPathInfo(...) | user-provided value |