Java: prototype overlay data flow #17436

Draft. Wants to merge 3 commits into main.

aschackmull
Contributor

No description provided.

@github-actions github-actions bot added the Java label Sep 11, 2024
@@ -0,0 +1,805 @@
private import codeql.dataflow.DataFlow as DF
private import codeql.dataflow.TaintTracking as TT
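
Review bot: The new file opens at line 1 with `private import` statements and no file-level QLDoc comment, and the PR itself has no description. Add a header comment stating what this 805-line library provides and how it relates to the existing data flow libraries, so reviewers of the prototype know its intended scope.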

Check warning

Code scanning / CodeQL

Names only differing by case Warning

TT is only different by casing from Tt that is used elsewhere for modules.
base import semmle.code.java.dataflow.internal.DataFlowPrivate
base import semmle.code.java.dataflow.internal.DataFlowUtil
base import semmle.code.java.dataflow.internal.DataFlowDispatch
import Public

Check warning

Code scanning / CodeQL

Redundant import Warning

Redundant import, the module is already imported inside semmle.code.java.dataflow.internal.DataFlowUtil.
base import semmle.code.java.dataflow.internal.DataFlowUtil
base import semmle.code.java.dataflow.internal.DataFlowDispatch
import Public
import Private

Check warning

Code scanning / CodeQL

Redundant import Warning

Redundant import, the module is already imported inside semmle.code.java.dataflow.internal.DataFlowPrivate.
overlay import semmle.code.java.dataflow.internal.DataFlowPrivate
overlay import semmle.code.java.dataflow.internal.DataFlowUtil
overlay import semmle.code.java.dataflow.internal.DataFlowDispatch
import Public

Check warning

Code scanning / CodeQL

Redundant import Warning

Redundant import, the module is already imported inside semmle.code.java.dataflow.internal.DataFlowUtil.
overlay import semmle.code.java.dataflow.internal.DataFlowUtil
overlay import semmle.code.java.dataflow.internal.DataFlowDispatch
import Public
import Private
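
Review bot: The `base import` and `overlay import` lists name the same three modules (`DataFlowPrivate`, `DataFlowUtil`, `DataFlowDispatch`) and both are followed by plain `import Public` and `import Private`, but nothing in the visible lines explains what distinguishes the two forms or that the lists have to stay in step. Add a comment above each list, and if `Public` and `Private` are already imported inside the modules listed just above, as code scanning reports, drop the plain imports or note why the prototype needs them.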

Check warning

Code scanning / CodeQL

Redundant import Warning

Redundant import, the module is already imported inside semmle.code.java.dataflow.internal.DataFlowPrivate.
Comment on lines +60 to +63
from LogInjectionFlow::PathNode source, LogInjectionFlow::PathNode sink
where LogInjectionFlow::flowPath(source, sink)
select sink.getNode(), source, sink, "This log entry depends on a $@.", source.getNode(),
"user-provided value"

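Review bot: The alert message in this `select` is reported by code scanning as differing from the js and rb versions of the query. If the wording is carried over unchanged from the existing `java/log-injection` query, say so in the PR description, which is currently empty, so the warning can be triaged as pre-existing; otherwise align the text with the other languages.
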
Check warning

Code scanning / CodeQL

Consistent alert message Warning

The java/log-injection query does not have the same alert message as js, rb.