hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improve handling of the 'author' word as an exception

Browse Source
This commit is contained in:
Tony Torralba
2021-09-16 11:57:28 +02:00
parent 21079a1315
commit f18c163408
2 changed files with 32 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/lib/semmle/code/java/security/SensitiveActions.qll
View File

@@ -81,9 +81,9 @@ class AuthMethod extends SensitiveExecutionMethod {
AuthMethod() {
exists(string s | s = this.getName().toLowerCase() |
s.matches(["%login%", "%auth%"]) and
not s.matches([
"get%", "set%", "parse%", "%loginfo%", "remove%", "clean%", "%unauth%", "%author%"
])
not s.matches(["get%", "set%", "parse%", "%loginfo%", "remove%", "clean%", "%unauth%"]) and
// exclude "author", but not "authorize" or "authority"
not s.regexpMatch(".*[aA]uthors?([A-Z0-9_].*|$)")
) and
not this.getDeclaringType().getASupertype*() instanceof TypeException
}