Merge pull request #8679 from erik-krogh/getUrl

Java: rename existing getUrl predicate to getRepositoryUrl
Erik Krogh Kristensen
2022-04-07 10:01:14 +02:00
committed by GitHub
4 changed files with 9 additions and 5 deletions


@@ -0,0 +1,4 @@
---
category: breaking
---
* The `getUrl` predicate of `DeclaredRepository` in `MavenPom.qll` has been renamed to `getRepositoryUrl`.


@@ -380,7 +380,7 @@ class DeclaredRepository extends PomElement {
* Gets the url for this repository. If the `url` tag is present, this will
* be the string contents of that tag.
*/
string getUrl() { result = this.getAChild("url").(PomElement).getValue() }
string getRepositoryUrl() { result = this.getAChild("url").(PomElement).getValue() }
}
/**


@@ -14,10 +14,10 @@ import java
import semmle.code.xml.MavenPom
predicate isBintrayRepositoryUsage(DeclaredRepository repository) {
repository.getUrl().matches("%.bintray.com%")
repository.getRepositoryUrl().matches("%.bintray.com%")
}
from DeclaredRepository repository
where isBintrayRepositoryUsage(repository)
select repository,
"Downloading or uploading artifacts to deprecated repository " + repository.getUrl()
"Downloading or uploading artifacts to deprecated repository " + repository.getRepositoryUrl()


@@ -17,11 +17,11 @@ import java
import semmle.code.xml.MavenPom
predicate isInsecureRepositoryUsage(DeclaredRepository repository) {
repository.getUrl().regexpMatch("(?i)^(http|ftp)://(?!localhost[:/]).*")
repository.getRepositoryUrl().regexpMatch("(?i)^(http|ftp)://(?!localhost[:/]).*")
}
from DeclaredRepository repository
where isInsecureRepositoryUsage(repository)
select repository,
"Downloading or uploading artifacts over insecure protocol (eg. http or ftp) to/from repository " +
repository.getUrl()
repository.getRepositoryUrl()
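Review bot: The `localhost` exemption in `isInsecureRepositoryUsage` is decided on the raw URL text rather than on the URL's host, and the rename leaves that untouched. As written, `(?!localhost[:/])` still reports a bare `http://localhost` and loopback addresses such as `http://127.0.0.1:8081/`, and it appears to exempt any URL whose text merely begins with `localhost:` even when what follows is not a port. If that is not intended, tying the exemption to an optional numeric port followed by `/` or end of string would tighten it: `repository.getRepositoryUrl().regexpMatch("(?i)^(http|ftp)://(?!localhost(:\\d+)?(/|$)).*")`. Whether loopback IP addresses should also count as local is a policy choice this page does not settle. At minimum, a comment such as `// only URLs whose text starts with localhost: or localhost/ are treated as local` would document the current behaviour.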