mirror of
https://github.com/github/codeql.git
synced 2025-12-18 18:10:39 +01:00
7dae6122d9
Given CharSequence is often used as an alias for String, ensure taint through toString is flowing
16 lines
377 B
Java
16 lines
377 B
Java
public class CharSeq {
|
|
public static String taint() { return "tainted"; }
|
|
|
|
public static void sink(Object o) { }
|
|
|
|
void test1() {
|
|
CharSequence seq = taint().subSequence(0,1);
|
|
sink(seq);
|
|
|
|
CharSequence seqFromSeq = seq.subSequence(0, 1);
|
|
sink(seqFromSeq);
|
|
|
|
String stringFromSeq = seq.toString();
|
|
sink(stringFromSeq);
|
|
}
|
|
} |