hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.21.1
codeql/java/ql/lib/semmle/code/java/security/TemplateInjectionQuery.qll
Chuan-kai Lin 75ec8ce58e Java: apply query alert restrictions
2024-09-20 07:47:58 -07:00

25 lines
1.1 KiB
Plaintext
Raw Permalink Blame History

/** Provides a taint tracking configuration for server-side template injection (SST) vulnerabilities */
import java
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.TemplateInjection
/** A taint tracking configuration to reason about server-side template injection (SST) vulnerabilities */
module TemplateInjectionFlowConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof TemplateInjectionSource }
predicate isSink(DataFlow::Node sink) { sink instanceof TemplateInjectionSink }
predicate isBarrier(DataFlow::Node sanitizer) { sanitizer instanceof TemplateInjectionSanitizer }
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
any(TemplateInjectionAdditionalTaintStep a).isAdditionalTaintStep(node1, node2)
}
predicate observeDiffInformedIncrementalMode() { any() }
}
/** Tracks server-side template injection (SST) vulnerabilities */
module TemplateInjectionFlow = TaintTracking::Global<TemplateInjectionFlowConfig>;
Reference in New Issue View Git Blame Copy Permalink