mirror of
https://github.com/github/codeql.git
synced 2025-12-28 14:46:33 +01:00
23 lines
774 B
Plaintext
23 lines
774 B
Plaintext
import semmle.code.java.dataflow.DataFlow
|
|
import semmle.code.java.dataflow.TaintTracking
|
|
import semmle.code.java.dataflow.FlowSources
|
|
import semmle.code.java.security.QueryInjection
|
|
|
|
class Conf extends TaintTracking::Configuration {
|
|
Conf() { this = "qltest:dataflow:android::flow" }
|
|
|
|
override predicate isSource(DataFlow::Node source) {
|
|
exists(VarAccess va, MethodAccess ma |
|
|
source.asExpr() = va and
|
|
va.getVariable().getAnAssignedValue() = ma and
|
|
ma.getMethod().hasName("taint")
|
|
)
|
|
}
|
|
|
|
override predicate isSink(DataFlow::Node sink) { not isSource(sink) }
|
|
}
|
|
|
|
from DataFlow::Node source, DataFlow::Node sink, Conf config
|
|
where config.hasFlow(source, sink) and sink.getLocation().getFile().getBaseName() = "FlowSteps.java"
|
|
select source, sink
|