hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update method name and qldoc

Browse Source
This commit is contained in:
luchua-bc
2021-05-17 20:34:16 +00:00
parent 1497fba6f2
commit e652d8771c
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql
View File

@@ -52,7 +52,7 @@ class LoadClassMethod extends Method {
* Holds if `ma` is a call to a class-loading method, and `sink` is the byte array
* representing the class to be loaded.
*/
predicate loadClass(MethodAccess ma, Expr sink) {
predicate loadsClass(MethodAccess ma, Expr sink) {
exists(Method m, int i | m = ma.getMethod() |
m instanceof LoadClassMethod and
m.getParameter(i).getType() instanceof Array and // makeClass(java.lang.String name, byte[] data, ...)
@@ -85,17 +85,21 @@ predicate compile(MethodAccess ma, Expr sink) {
class CodeInjectionSink extends DataFlow::ExprNode {
CodeInjectionSink() {
runCode(_, this.getExpr()) or
loadClass(_, this.getExpr()) or
loadsClass(_, this.getExpr()) or
compile(_, this.getExpr())
}
MethodAccess getMethodAccess() {
runCode(result, this.getExpr()) or
loadClass(result, this.getExpr()) or
loadsClass(result, this.getExpr()) or
compile(result, this.getExpr())
}
}
/**
* A taint configuration for tracking flow from `RemoteFlowSource` to a Jython method call
* `CodeInjectionSink` that executes injected code.
*/
class CodeInjectionConfiguration extends TaintTracking::Configuration {
CodeInjectionConfiguration() { this = "CodeInjectionConfiguration" }