hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-07 06:31:41 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
9a0fb39382f7a1e593e0849aad7b45b3dbd5ed94
codeql/java/ql/lib/semmle/code/java/security/ExecTaintedLocalQuery.qll
Ed Minnix 5f3c8fef3f Privacy markers and fixed imports
2023-05-04 10:25:17 -04:00

27 lines
1.0 KiB
Plaintext
Raw Blame History

/** Provides a taint-tracking configuration to reason about use of externally controlled strings for command injection vulnerabilities. */
import java
private import semmle.code.java.dataflow.FlowSources
private import semmle.code.java.security.ExternalProcess
private import semmle.code.java.security.CommandArguments
/** A taint-tracking configuration to reason about use of externally controlled strings to make command line commands. */
module ExecTaintedLocalConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput }
predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof ArgumentToExec }
predicate isBarrier(DataFlow::Node node) {
node.getType() instanceof PrimitiveType
or
node.getType() instanceof BoxedType
or
isSafeCommandArgument(node.asExpr())
}
}
/**
* Taint-tracking flow for use of externally controlled strings to make command line commands.
*/
module ExecTaintedLocalFlow = TaintTracking::Global<ExecTaintedLocalConfig>;
Reference in New Issue View Git Blame Copy Permalink