hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-24 10:53:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
35fbc95cc743f63b16a68f8f5f6ce82a9d0bdbeb
codeql/java/ql/lib/semmle/code/java/security/ExecTaintedLocalQuery.qll

26 lines
1.0 KiB
Plaintext
Raw Blame History

/** Provides a taint-tracking configuration to reason about use of externally controlled strings for command injection vulnerabilities. */
import java
private import semmle.code.java.dataflow.FlowSources
private import semmle.code.java.security.ExternalProcess
private import semmle.code.java.security.CommandArguments
private import semmle.code.java.security.Sanitizers
/** A taint-tracking configuration to reason about use of externally controlled strings to make command line commands. */
module ExecTaintedLocalConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput }
predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof ArgumentToExec }
predicate isBarrier(DataFlow::Node node) {
node instanceof SimpleTypeSanitizer
or
isSafeCommandArgument(node.asExpr())
}
}
/**
* Taint-tracking flow for use of externally controlled strings to make command line commands.
*/
module ExecTaintedLocalFlow = TaintTracking::Global<ExecTaintedLocalConfig>;
Reference in New Issue View Git Blame Copy Permalink