hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Move LdapInjectionLib to LdapInjectionQuery.qll

Browse Source
This commit is contained in:
Ed Minnix
2023-03-28 16:35:35 -04:00
parent 1add692643
commit e3af8b2c7f
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
java/ql/src/Security/CWE/CWE-090/LdapInjectionLib.qll → java/ql/lib/semmle/code/java/security/LdapInjectionQuery.qll
View File

@@ -1,3 +1,5 @@
/** Provides a taint tracking configuration to reason about unvalidated user input that is used to construct LDAP queries. */
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.LdapInjection
@@ -17,4 +19,5 @@ module LdapInjectionFlowConfig implements DataFlow::ConfigSig {
}
}
/** Tracks flow from remote sources to LDAP injection vulnerabilities. */
module LdapInjectionFlow = TaintTracking::Global<LdapInjectionFlowConfig>;

2
java/ql/src/Security/CWE/CWE-090/LdapInjection.ql
View File

@@ -13,7 +13,7 @@
import java
import semmle.code.java.dataflow.FlowSources
import LdapInjectionLib
import semmle.code.java.security.LdapInjectionQuery
import LdapInjectionFlow::PathGraph
from LdapInjectionFlow::PathNode source, LdapInjectionFlow::PathNode sink