Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 1086abc

Browse files
egregius313egregius313
committed
Refactor to using ThreatModelFlowSource 
1 parent b76795f commit 1086abc

1 file changed

Lines changed: 3 additions & 2 deletions

File tree

csharp/ql/lib/semmle/code/csharp/security/auth/InsecureDirectObjectReferenceQuery.qll

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,8 @@
11
/** Definitions for the Insecure Direct Object Reference query */
22

33
import csharp
4-
import semmle.code.csharp.dataflow.flowsources.Remote
4+
import semmle.code.csharp.security.dataflow.flowsources.FlowSources
5+
deprecated import semmle.code.csharp.dataflow.flowsources.Remote
56
import ActionMethods
67

78
/**
@@ -17,7 +18,7 @@ private predicate needsChecks(ActionMethod m) { m.isEdit() and not m.isAdmin() }
1718
* that may indicate that it's used as the ID for some resource
1819
*/
1920
private predicate hasIdParameter(ActionMethod m) {
20-
exists(RemoteFlowSource src | src.getEnclosingCallable() = m |
21+
exists(ThreatModelFlowSource src | src.getEnclosingCallable() = m |
2122
src.asParameter().getName().toLowerCase().matches(["%id", "%idx"])
2223
or
2324
// handle cases like `Request.QueryString["Id"]`

0 commit comments

Comments
 (0)