hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
alexet/avoid-path-node-java
codeql/java/ql/test/library-tests/dataflow/taint/CharSeq.java
Benjamin Muskalla 7dae6122d9 Support CharSequence#toString 
Given CharSequence is often used as an
alias for String, ensure taint through toString is flowing
2021-11-10 16:30:20 +01:00

16 lines
377 B
Java
Raw Permalink Blame History

public class CharSeq {
public static String taint() { return "tainted"; }
public static void sink(Object o) { }
void test1() {
CharSequence seq = taint().subSequence(0,1);
sink(seq);
CharSequence seqFromSeq = seq.subSequence(0, 1);
sink(seqFromSeq);
String stringFromSeq = seq.toString();
sink(stringFromSeq);
}
}
Reference in New Issue View Git Blame Copy Permalink