hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-19 03:41:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

Allow blacklist sanitizers.

Browse Source
This commit is contained in:
Sebastian Bauersfeld
2022-08-19 16:34:29 +07:00
parent 11f527ea5b
commit f6d42bd3c6
3 changed files with 44 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql
View File

@@ -31,10 +31,16 @@ class ResponseSplittingConfig extends TaintTracking::Configuration {
or
node.getType() instanceof BoxedType
or
exists(MethodAccess ma |
ma.getMethod().hasQualifiedName("java.lang", "String", "replaceAll") and
ma.getArgument(0).(StringLiteral).getValue().matches("%[^%") and
node.asExpr() = ma
exists(MethodAccess ma, string methodName, CompileTimeConstantExpr target |
node.asExpr() = ma and
ma.getMethod().hasQualifiedName("java.lang", "String", methodName) and
target = ma.getArgument(0) and
(
methodName = "replace" and target.getIntValue() = [10, 13]
or
methodName = "replaceAll" and
target.getStringValue().regexpMatch(".*([\n\r]|\\[\\^[^\\]\r\n]*\\]).*")
)
)
}
}