hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-10 17:44:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
51243454c890c3c58c0d9ba767dfec8a030ba2ed
codeql/java/ql/test/library-tests/dataflow/local-additional-taint/localAdditionalTaintStep.ql
Anders Schack-Mulligen 43d1b0ab27 Java: Update qltests.
2021-06-01 11:47:52 +02:00

39 lines
1.4 KiB
Plaintext
Raw Blame History

import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.internal.TaintTrackingUtil
import semmle.code.java.dataflow.internal.DataFlowNodes::Private
import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
predicate taintFlowThrough(DataFlow::ParameterNode p) {
exists(ReturnNode ret | localTaint(p, ret))
}
predicate taintFlowUpdate(DataFlow::ParameterNode p1, DataFlow::ParameterNode p2) {
exists(DataFlow::PostUpdateNode ret | localTaint(p1, ret) | ret.getPreUpdateNode() = p2)
}
from DataFlow::Node src, DataFlow::Node sink
where
(
localAdditionalTaintStep(src, sink) or
FlowSummaryImpl::Private::Steps::summaryThroughStep(src, sink, false)
) and
not FlowSummaryImpl::Private::Steps::summaryLocalStep(src, sink, false) and
not FlowSummaryImpl::Private::Steps::summaryReadStep(src, _, sink) and
not FlowSummaryImpl::Private::Steps::summaryStoreStep(src, _, sink)
or
exists(ArgumentNode arg, MethodAccess call, DataFlow::ParameterNode p, int i |
src = arg and
p.isParameterOf(call.getMethod().getSourceDeclaration(), i) and
arg.argumentOf(call, i)
|
sink.asExpr() = call and
taintFlowThrough(p)
or
exists(DataFlow::ParameterNode p2, int j |
sink.(DataFlow::PostUpdateNode).getPreUpdateNode().(ArgumentNode).argumentOf(call, j) and
taintFlowUpdate(p, p2) and
p2.isParameterOf(_, j)
)
)
select src, sink
Reference in New Issue View Git Blame Copy Permalink