mirror of
https://github.com/github/codeql.git
synced 2025-12-17 17:23:36 +01:00
19 lines
552 B
Plaintext
19 lines
552 B
Plaintext
import csharp
|
|
import semmle.code.csharp.dataflow.TaintTracking
|
|
|
|
class Configuration extends TaintTracking::Configuration {
|
|
Configuration() { this = "Json.NET test" }
|
|
|
|
override predicate isSource(DataFlow::Node src) {
|
|
src.asExpr().(StringLiteral).getValue() = "tainted"
|
|
}
|
|
|
|
override predicate isSink(DataFlow::Node sink) {
|
|
exists(MethodCall c | c.getArgument(0) = sink.asExpr() and c.getTarget().getName() = "Sink")
|
|
}
|
|
}
|
|
|
|
from Configuration c, DataFlow::Node source, DataFlow::Node sink
|
|
where c.hasFlow(source, sink)
|
|
select source, sink
|