Java: add taint steps for getResource sink

2026-04-22 15:25:18 +02:00 · 2023-11-26 20:58:29 -05:00
parent fefc02d650
commit efa5ab18c1
1 changed files with 7 additions and 0 deletions
--- a/java/ql/lib/ext/org.springframework.cloud.config.server.environment.model.yml
+++ b/java/ql/lib/ext/org.springframework.cloud.config.server.environment.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.springframework.cloud.config.server.environment", "SearchPathLocator", True, "getLocations", "(String,String,String)", "", "Argument[0..2]", "ReturnValue", "taint", "manual"]
+      - ["org.springframework.cloud.config.server.environment", "SearchPathLocator$Locations", True, "getLocations", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]