hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Moved from experimental to standard

Browse Source
This commit is contained in:
Tony Torralba
2021-05-11 15:42:13 +02:00
parent 53da3b661a
commit fc03b92e11
17 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjection.java → java/ql/src/Security/CWE/CWE-917/OgnlInjection.java
View File

0
java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjection.qhelp → java/ql/src/Security/CWE/CWE-917/OgnlInjection.qhelp
View File

2
java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjection.ql → java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql
View File

@@ -12,8 +12,8 @@
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.OgnlInjection
import DataFlow::PathGraph
import OgnlInjectionLib
/**
* A taint-tracking configuration for unvalidated user input that is used in OGNL EL evaluation.

1
java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll
View File

@@ -81,6 +81,7 @@ private module Frameworks {
private import semmle.code.java.security.XSS
private import semmle.code.java.security.LdapInjection
private import semmle.code.java.security.XPath
private import semmle.code.java.security.OgnlInjection
}
private predicate sourceModelCsv(string row) {

0
java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjectionLib.qll → java/ql/src/semmle/code/java/security/OgnlInjection.qll
View File

1
java/ql/test/experimental/query-tests/security/CWE-917/OgnlInjection.qlref
View File

@@ -1 +0,0 @@
experimental/Security/CWE/CWE-917/OgnlInjection.ql

1
java/ql/test/experimental/query-tests/security/CWE-917/options
View File

@@ -1 +0,0 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/ognl-3.2.14:${testdir}/../../../stubs/struts2-core-2.5.22

0
java/ql/test/experimental/query-tests/security/CWE-917/OgnlInjection.expected → java/ql/test/query-tests/security/CWE-917/OgnlInjection.expected
View File

0
java/ql/test/experimental/query-tests/security/CWE-917/OgnlInjection.java → java/ql/test/query-tests/security/CWE-917/OgnlInjection.java
View File

1
java/ql/test/query-tests/security/CWE-917/OgnlInjection.qlref Normal file
View File

@@ -0,0 +1 @@
Security/CWE/CWE-917/OgnlInjection.ql

1
java/ql/test/query-tests/security/CWE-917/options Normal file
View File

@@ -0,0 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/ognl-3.2.14:${testdir}/../../../stubs/struts2-core-2.5.22

0
java/ql/test/experimental/stubs/ognl-3.2.14/ognl/JavaSource.java → java/ql/test/stubs/ognl-3.2.14/ognl/JavaSource.java
View File

0
java/ql/test/experimental/stubs/ognl-3.2.14/ognl/Node.java → java/ql/test/stubs/ognl-3.2.14/ognl/Node.java
View File

0
java/ql/test/experimental/stubs/ognl-3.2.14/ognl/Ognl.java → java/ql/test/stubs/ognl-3.2.14/ognl/Ognl.java
View File

0
java/ql/test/experimental/stubs/ognl-3.2.14/ognl/OgnlContext.java → java/ql/test/stubs/ognl-3.2.14/ognl/OgnlContext.java
View File

0
java/ql/test/experimental/stubs/ognl-3.2.14/ognl/OgnlException.java → java/ql/test/stubs/ognl-3.2.14/ognl/OgnlException.java
View File

0
java/ql/test/experimental/stubs/struts2-core-2.5.22/com/opensymphony/xwork2/ognl/OgnlUtil.java → java/ql/test/stubs/struts2-core-2.5.22/com/opensymphony/xwork2/ognl/OgnlUtil.java
View File