C#: Disable field flow for cs/inappropriate-encoding

hvitved · hvitved · commit 80e91cceb138 · 2019-08-20T13:59:46.000+02:00
diff --git a/csharp/ql/src/Security Features/CWE-838/InappropriateEncoding.ql b/csharp/ql/src/Security Features/CWE-838/InappropriateEncoding.ql
@@ -62,6 +62,8 @@ abstract class RequiresEncodingConfiguration extends TaintTracking2::Configurati
   override predicate isSink(Node sink) { this.requiresEncoding(sink) }
 
   override predicate isSanitizer(Node sanitizer) { this.isPossibleEncodedValue(sanitizer.asExpr()) }
+
+  override int fieldFlowBranchLimit() { result = 0 }
 }
 
 /** An encoded value, for example a call to `HttpServerUtility.HtmlEncode`. */

Original file line number	Diff line number	Diff line change
`@@ -62,6 +62,8 @@ abstract class RequiresEncodingConfiguration extends TaintTracking2::Configurati`
`62`	`62`	`override predicate isSink(Node sink) { this.requiresEncoding(sink) }`
`63`	`63`
`64`	`64`	`override predicate isSanitizer(Node sanitizer) { this.isPossibleEncodedValue(sanitizer.asExpr()) }`
	`65`	`+`
	`66`	`+ override int fieldFlowBranchLimit() { result = 0 }`
`65`	`67`	`}`
`66`	`68`
`67`	`69`	/** An encoded value, for example a call to `HttpServerUtility.HtmlEncode`. */