hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
7c21ebb526288f1377c4321ea93ae3b0535b51a1
codeql/docs/language/ql-training/query-examples/java/query-injection-java-3.ql
james 65573492e7 docs: rename ql-training-rst > ql-training
2019-09-05 08:40:36 +01:00

12 lines
282 B
Plaintext
Raw Blame History

import java
predicate isStringConcat(AddExpr ae) {
ae.getType() instanceof TypeString
}
from Method m, MethodAccess ma
where
m.getName().matches("sparql%Query") and
ma.getMethod() = m and
isStringConcat(ma.getArgument(0))
select ma, "SPARQL query vulnerable to injection."
Reference in New Issue View Git Blame Copy Permalink