Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,10 @@ import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.ExternalProcess
import semmle.code.java.security.CommandArguments

private class RemoteUserInputToArgumentToExecFlowConfig extends TaintTracking::Configuration {
/**
* A taint-tracking configuration for unvalidated user input that is used to run an external process.
*/
class RemoteUserInputToArgumentToExecFlowConfig extends TaintTracking::Configuration {
RemoteUserInputToArgumentToExecFlowConfig() {
this = "ExecCommon::RemoteUserInputToArgumentToExecFlowConfig"
}
Expand Down
Original file line number Diff line number Diff line change
@@ -1,10 +1,19 @@
/** Definitions used by the queries for database query injection. */
/**
* Provides taint tracking and dataflow configurations to be used in Sql injection queries.
*
* Do not import this from a library file, in order to reduce the risk of
* unintentionally bringing a TaintTracking::Configuration into scope in an unrelated
* query.
*/

import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.QueryInjection

private class QueryInjectionFlowConfig extends TaintTracking::Configuration {
/**
* A taint-tracking configuration for unvalidated user input that is used in SQL queries.
*/
class QueryInjectionFlowConfig extends TaintTracking::Configuration {
QueryInjectionFlowConfig() { this = "SqlInjectionLib::QueryInjectionFlowConfig" }

override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
Expand Down
2 changes: 1 addition & 1 deletion java/ql/src/Security/CWE/CWE-089/SqlTainted.ql
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@

import java
import semmle.code.java.dataflow.FlowSources
import SqlInjectionLib
import semmle.code.java.security.SqlInjectionQuery
import DataFlow::PathGraph

from QueryInjectionSink query, DataFlow::PathNode source, DataFlow::PathNode sink
Expand Down
2 changes: 1 addition & 1 deletion java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@

import semmle.code.java.Expr
import semmle.code.java.dataflow.FlowSources
import SqlInjectionLib
import semmle.code.java.security.SqlInjectionQuery
import DataFlow::PathGraph

class LocalUserInputToQueryInjectionFlowConfig extends TaintTracking::Configuration {
Expand Down
2 changes: 1 addition & 1 deletion java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@

import java
import semmle.code.java.security.SqlUnescapedLib
import SqlInjectionLib
import semmle.code.java.security.SqlInjectionQuery

class UncontrolledStringBuilderSource extends DataFlow::ExprNode {
UncontrolledStringBuilderSource() {
Expand Down