hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 12:15:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added missing doc comments

Browse Source
This commit is contained in:
Tony Torralba
2021-04-26 20:37:48 +02:00
parent fb3e56eac8
commit ee269fbc69
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
java/ql/src/semmle/code/java/security/XPath.qll
View File

@@ -1,3 +1,6 @@
/** Provides classes to reason about XPath vulnerabilities. */
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking
@@ -5,6 +8,9 @@ import semmle.code.java.dataflow.TaintTracking
* An abstract type representing a call to interpret XPath expressions.
*/
class XPathSink extends MethodAccess {
/**
* Gets the argument representing the XPath expressions to be evaluated.
*/
abstract Expr getSink();
}
@@ -44,10 +50,12 @@ class NodeSelectNodes extends XPathSink {
override Expr getSink() { result = this.getArgument(0) }
}
/** A sink that represents a method that interprets XPath expressions. */
class XPathInjectionSink extends DataFlow::ExprNode {
XPathInjectionSink() { exists(XPathSink sink | this.getExpr() = sink.getSink()) }
}
/** A configuration that tracks data from a remote input source to a XPath evaluation sink. */
class XPathInjectionConfiguration extends TaintTracking::Configuration {
XPathInjectionConfiguration() { this = "XPathInjection" }