Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll

haby0 · smowton · web-flow · commit 650446f761fc · 2021-04-10T09:26:32.000+08:00
Co-authored-by: Chris Smowton &lt;smowton@github.com&gt;
diff --git a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
@@ -39,8 +39,8 @@ class VerificationMethodFlowConfig extends TaintTracking2::Configuration {
   override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
 
   override predicate isSink(DataFlow::Node sink) {
-    exists(MethodAccess ma, BarrierGuard bg, int i, VerificationMethodToIfFlowConfig vmtifc |
-      ma = bg
+    exists(MethodAccess ma, int i, VerificationMethodToIfFlowConfig vmtifc |
+      ma instanceof BarrierGuard
     |
       (
         ma.getMethod().getParameter(i).getName().regexpMatch("(?i).*(token|auth|referer|origin).*")

Original file line number	Diff line number	Diff line change
`@@ -39,8 +39,8 @@ class VerificationMethodFlowConfig extends TaintTracking2::Configuration {`
`39`	`39`	`override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }`
`40`	`40`
`41`	`41`	`override predicate isSink(DataFlow::Node sink) {`
`42`		`- exists(MethodAccess ma, BarrierGuard bg, int i, VerificationMethodToIfFlowConfig vmtifc \|`
`43`		`- ma = bg`
	`42`	`+ exists(MethodAccess ma, int i, VerificationMethodToIfFlowConfig vmtifc \|`
	`43`	`+ ma instanceof BarrierGuard`
`44`	`44`	`\|`
`45`	`45`	`(`
`46`	`46`	`ma.getMethod().getParameter(i).getName().regexpMatch("(?i).(token\|auth\|referer\|origin).")`