hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-21 22:57:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

Bug fixes

Browse Source
This commit is contained in:
tiferet
2022-12-27 00:46:59 -08:00
parent c14a4c4d93
commit f5109be2ac
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll
View File

@@ -165,7 +165,7 @@ abstract class EndpointCharacteristic extends string {
// * Endpoints identified as "DomBasedXssSink" by the standard Java libraries are XSS sinks with maximal confidence.
// */
// private class DomBasedXssSinkCharacteristic extends EndpointCharacteristic {
// DomBasedXssSinkCharacteristic() { this = "DomBasedXssSink" }
// DomBasedXssSinkCharacteristic() { this = any(XssSinkType type).getDescription() }
// override predicate appliesToEndpoint(DataFlow::Node n) { n instanceof DomBasedXss::Sink }
// override predicate hasImplications(
// EndpointType endpointClass, boolean isPositiveIndicator, float confidence
@@ -180,7 +180,7 @@ abstract class EndpointCharacteristic extends string {
* confidence.
*/
private class TaintedPathSinkCharacteristic extends EndpointCharacteristic {
TaintedPathSinkCharacteristic() { this = "TaintedPathSink" }
TaintedPathSinkCharacteristic() { this = any(TaintedPathSinkType type).getDescription() }
override predicate appliesToEndpoint(DataFlow::Node n) {
n.asExpr() = any(PathCreation p).getAnInput()
@@ -220,7 +220,7 @@ private class SqlInjectionSinkCharacteristic extends EndpointCharacteristic {
// * maximal confidence.
// */
// private class NosqlInjectionSinkCharacteristic extends EndpointCharacteristic {
// NosqlInjectionSinkCharacteristic() { this = "NosqlInjectionSink" }
// NosqlInjectionSinkCharacteristic() { this = any(NosqlInjectionSinkType type).getDescription() }
// override predicate appliesToEndpoint(DataFlow::Node n) { n instanceof NosqlInjection::Sink }
// override predicate hasImplications(
// EndpointType endpointClass, boolean isPositiveIndicator, float confidence

1
java/ql/experimental/adaptivethreatmodeling/src/ExtractSinkCandidatesWithFlow.ql
View File

@@ -22,6 +22,7 @@ private import experimental.adaptivethreatmodeling.TaintedPathATM as TaintedPath
// private import experimental.adaptivethreatmodeling.XssThroughDomATM as XssThroughDomAtm
from DataFlow::PathNode sink, string message
where
exists(AtmConfig::AtmConfig config | config.isSinkCandidateWithFlow(sink)) and
// The message is the concatenation of all relevant configs
message =
concat(AtmConfig::AtmConfig config |