Merge pull request #11730 from smowton/smowton/admin/improve-sql-unescaped-docs

Java: improve naming and description of SqlUnescaped.ql
Chris Smowton
2023-01-09 12:50:27 +00:00
committed by GitHub
11 changed files with 30 additions and 26 deletions

View File

@@ -0,0 +1,11 @@
| Test.java:36:47:36:52 | query1 | Query built by concatenation with $@, which may be untrusted. | Test.java:35:8:35:15 | category | this expression |
| Test.java:42:57:42:62 | query2 | Query built by concatenation with $@, which may be untrusted. | Test.java:41:51:41:52 | id | this expression |
| Test.java:50:62:50:67 | query3 | Query built by concatenation with $@, which may be untrusted. | Test.java:49:8:49:15 | category | this expression |
| Test.java:62:47:62:61 | querySbToString | Query built by concatenation with $@, which may be untrusted. | Test.java:58:19:58:26 | category | this expression |
| Test.java:70:40:70:44 | query | Query built by concatenation with $@, which may be untrusted. | Test.java:69:50:69:54 | price | this expression |
| Test.java:70:40:70:44 | query | Query built by concatenation with $@, which may be untrusted. | Test.java:69:77:69:80 | item | this expression |
| Test.java:78:46:78:50 | query | Query built by concatenation with $@, which may be untrusted. | Test.java:77:50:77:54 | price | this expression |
| Test.java:78:46:78:50 | query | Query built by concatenation with $@, which may be untrusted. | Test.java:77:77:77:80 | item | this expression |
| Test.java:98:47:98:60 | queryFromField | Query built by concatenation with $@, which may be untrusted. | Test.java:97:8:97:19 | categoryName | this expression |
| Test.java:108:47:108:61 | querySbToString | Query built by concatenation with $@, which may be untrusted. | Test.java:104:19:104:30 | categoryName | this expression |
| Test.java:118:47:118:62 | querySb2ToString | Query built by concatenation with $@, which may be untrusted. | Test.java:114:46:114:57 | categoryName | this expression |
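Review bot: this expected file differs from the removed SqlUnescaped.expected only in the message column; every result location, including the paired alerts on Test.java:70 and Test.java:78 for `price` and `item`, is unchanged, which is what a pure rename plus message change should produce, but it also means the new description gets no new test coverage. Check how the text reads once `$@` is substituted: with the link text `this expression` the alert renders as "Query built by concatenation with this expression, which may be untrusted." The query's own `from` clause names the flagged value `uncontrolled`, i.e. an expression the query cannot show to be controlled rather than one shown to be tainted, so make sure "may be untrusted" (and the matching .qhelp wording) does not read as a claim that a taint source was found.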

View File

@@ -0,0 +1 @@
Security/CWE/CWE-089/SqlConcatenated.ql
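Review bot: this .qlref now resolves Security/CWE/CWE-089/SqlConcatenated.ql, whereas the removed .qlref further down resolved Security/CWE/CWE-089/SqlUnescaped.ql; the move of the .ql file itself (and its .qhelp) is not part of this excerpt, so confirm it is included in the PR, otherwise this test will fail to find the query. Because a query file is being renamed, also state explicitly whether its `@id` metadata is kept or changed: a changed id resets alert history for existing users and should be called out in the change note, while keeping the old id is the safer default for a naming-only change.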

View File

@@ -1,11 +0,0 @@
| Test.java:36:47:36:52 | query1 | Query might not neutralize special characters in $@. | Test.java:35:8:35:15 | category | this expression |
| Test.java:42:57:42:62 | query2 | Query might not neutralize special characters in $@. | Test.java:41:51:41:52 | id | this expression |
| Test.java:50:62:50:67 | query3 | Query might not neutralize special characters in $@. | Test.java:49:8:49:15 | category | this expression |
| Test.java:62:47:62:61 | querySbToString | Query might not neutralize special characters in $@. | Test.java:58:19:58:26 | category | this expression |
| Test.java:70:40:70:44 | query | Query might not neutralize special characters in $@. | Test.java:69:50:69:54 | price | this expression |
| Test.java:70:40:70:44 | query | Query might not neutralize special characters in $@. | Test.java:69:77:69:80 | item | this expression |
| Test.java:78:46:78:50 | query | Query might not neutralize special characters in $@. | Test.java:77:50:77:54 | price | this expression |
| Test.java:78:46:78:50 | query | Query might not neutralize special characters in $@. | Test.java:77:77:77:80 | item | this expression |
| Test.java:98:47:98:60 | queryFromField | Query might not neutralize special characters in $@. | Test.java:97:8:97:19 | categoryName | this expression |
| Test.java:108:47:108:61 | querySbToString | Query might not neutralize special characters in $@. | Test.java:104:19:104:30 | categoryName | this expression |
| Test.java:118:47:118:62 | querySb2ToString | Query might not neutralize special characters in $@. | Test.java:114:46:114:57 | categoryName | this expression |

View File

@@ -1 +0,0 @@
Security/CWE/CWE-089/SqlUnescaped.ql

View File

@@ -1,4 +1,4 @@
import semmle.code.java.security.SqlUnescapedLib
import semmle.code.java.security.SqlConcatenatedLib
from StringBuilderVar sbv, Expr uncontrolled, Method method, int methodLine
where
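Review bot: the import changes from semmle.code.java.security.SqlUnescapedLib to semmle.code.java.security.SqlConcatenatedLib, which renames a library module, not just the query. Any custom query that imports SqlUnescapedLib will stop compiling, so unless SqlUnescapedLib.qll is kept as a deprecated shim that imports the new module, this is a breaking change that needs a change note and a deprecation period. The `from` clause (`StringBuilderVar sbv, Expr uncontrolled, Method method, int methodLine`) is unchanged, so the predicates used in the `where` body are presumably carried over under the new module name; the rest of the hunk is cut off in this excerpt, so that cannot be checked here.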