hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 19:55:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Fix join-order.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2022-04-26 13:43:41 +02:00
parent e5eef51e9d
commit ff1c6ca4d6
1 changed files with 2 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
java/ql/lib/semmle/code/java/security/Validation.qll
View File

@@ -2,9 +2,6 @@ import semmle.code.java.Expr
import semmle.code.java.dataflow.SSA
import semmle.code.java.controlflow.Guards
bindingset[result, i]
private int unbindInt(int i) { i <= result and i >= result }
/** Holds if the method `method` validates its `arg`-th argument in some way. */
predicate validationMethod(Method method, int arg) {
// The method examines the contents of the string argument.
@@ -22,8 +19,8 @@ predicate validationMethod(Method method, int arg) {
// The method calls another one that verifies the argument.
exists(Parameter param, MethodAccess call, int recursiveArg |
method.getParameter(arg) = param and
call.getArgument(recursiveArg) = param.getAnAccess() and
validationMethod(call.getMethod(), unbindInt(recursiveArg))
call.getArgument(pragma[only_bind_into](recursiveArg)) = param.getAnAccess() and
validationMethod(pragma[only_bind_into](call.getMethod()), pragma[only_bind_into](recursiveArg))
)
}