hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-24 10:53:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
2ebb80b632b68789a0285dadb41d8d116cd1104f
codeql/java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayConstructionQuery.qll

25 lines
934 B
Plaintext
Raw Blame History

/** Provides a taint-tracking configuration to reason about improper validation of user-provided size used for array construction. */
import java
private import semmle.code.java.security.internal.ArraySizing
private import semmle.code.java.dataflow.FlowSources
/**
* A taint-tracking configuration to reason about improper validation of
* user-provided size used for array construction.
*/
module ImproperValidationOfArrayConstructionConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
predicate isSink(DataFlow::Node sink) {
any(CheckableArrayAccess caa).canThrowOutOfBoundsDueToEmptyArray(sink.asExpr(), _)
}
}
/**
* Taint-tracking flow for improper validation of user-provided size used
* for array construction.
*/
module ImproperValidationOfArrayConstructionFlow =
TaintTracking::Global<ImproperValidationOfArrayConstructionConfig>;
Reference in New Issue View Git Blame Copy Permalink