Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 2628d3d

Browse files
atorralbaatorralba
committed
Improve csv sink models
1 parent 3edc8bc commit 2628d3d

1 file changed

Lines changed: 18 additions & 18 deletions

File tree

java/ql/src/semmle/code/java/security/OgnlInjection.qll

Lines changed: 18 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -28,21 +28,21 @@ private class DefaultOgnlInjectionSinkModel extends SinkModelCsv {
2828
override predicate row(string row) {
2929
row =
3030
[
31-
"org.apache.commons.ognl;Ognl;false;getValue;;;Argument[-1..0];ognl-injection",
32-
"org.apache.commons.ognl;Ognl;false;setValue;;;Argument[-1..0];ognl-injection",
33-
"org.apache.commons.ognl;Node;false;getValue;;;Argument[-1..0];ognl-injection",
34-
"org.apache.commons.ognl;Node;false;setValue;;;Argument[-1..0];ognl-injection",
31+
"org.apache.commons.ognl;Ognl;false;getValue;;;Argument[0];ognl-injection",
32+
"org.apache.commons.ognl;Ognl;false;setValue;;;Argument[0];ognl-injection",
33+
"org.apache.commons.ognl;Node;true;getValue;;;Argument[-1];ognl-injection",
34+
"org.apache.commons.ognl;Node;true;setValue;;;Argument[-1];ognl-injection",
3535
"org.apache.commons.ognl.enhance;ExpressionAccessor;true;get;;;Argument[-1];ognl-injection",
3636
"org.apache.commons.ognl.enhance;ExpressionAccessor;true;set;;;Argument[-1];ognl-injection",
37-
"ognl;Ognl;false;getValue;;;Argument[-1..0];ognl-injection",
38-
"ognl;Ognl;false;setValue;;;Argument[-1..0];ognl-injection",
39-
"ognl;Node;false;getValue;;;Argument[-1..0];ognl-injection",
40-
"ognl;Node;false;setValue;;;Argument[-1..0];ognl-injection",
37+
"ognl;Ognl;false;getValue;;;Argument[0];ognl-injection",
38+
"ognl;Ognl;false;setValue;;;Argument[0];ognl-injection",
39+
"ognl;Node;false;getValue;;;Argument[-1];ognl-injection",
40+
"ognl;Node;false;setValue;;;Argument[-1];ognl-injection",
4141
"ognl.enhance;ExpressionAccessor;true;get;;;Argument[-1];ognl-injection",
4242
"ognl.enhance;ExpressionAccessor;true;set;;;Argument[-1];ognl-injection",
43-
"com.opensymphony.xwork2.ognl;OgnlUtil;false;getValue;;;Argument[-1..0];ognl-injection",
44-
"com.opensymphony.xwork2.ognl;OgnlUtil;false;setValue;;;Argument[-1..0];ognl-injection",
45-
"com.opensymphony.xwork2.ognl;OgnlUtil;false;callMethod;;;Argument[-1..0];ognl-injection"
43+
"com.opensymphony.xwork2.ognl;OgnlUtil;false;getValue;;;Argument[0];ognl-injection",
44+
"com.opensymphony.xwork2.ognl;OgnlUtil;false;setValue;;;Argument[0];ognl-injection",
45+
"com.opensymphony.xwork2.ognl;OgnlUtil;false;callMethod;;;Argument[0];ognl-injection"
4646
]
4747
}
4848
}
@@ -91,12 +91,12 @@ private predicate parseCompileExpressionStep(DataFlow::Node n1, DataFlow::Node n
9191
*/
9292
private predicate getAccessorStep(DataFlow::Node n1, DataFlow::Node n2) {
9393
exists(MethodAccess ma, Method m |
94-
n1.asExpr() = ma.getQualifier() and
95-
n2.asExpr() = ma and
9694
ma.getMethod() = m and
97-
m.getDeclaringType().getASupertype*() instanceof TypeNode
98-
|
95+
m.getDeclaringType().getASupertype*() instanceof TypeNode and
9996
m.hasName("getAccessor")
97+
|
98+
n1.asExpr() = ma.getQualifier() and
99+
n2.asExpr() = ma
100100
)
101101
}
102102

@@ -106,12 +106,12 @@ private predicate getAccessorStep(DataFlow::Node n1, DataFlow::Node n2) {
106106
*/
107107
private predicate setExpressionStep(DataFlow::Node n1, DataFlow::Node n2) {
108108
exists(MethodAccess ma, Method m |
109-
n1.asExpr() = ma.getArgument(0) and
110-
n2.(PostUpdateNode).getPreUpdateNode().asExpr() = ma.getQualifier() and
111109
ma.getMethod() = m and
110+
m.hasName("setExpression") and
112111
m.getDeclaringType().getASupertype*() instanceof TypeExpressionAccessor
113112
|
114-
m.hasName("setExpression")
113+
n1.asExpr() = ma.getArgument(0) and
114+
n2.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr() = ma.getQualifier()
115115
)
116116
}
117117

0 commit comments

Comments
 (0)