Commit 9635a36

haby0 and smowton authored
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql
Co-authored-by: Chris Smowton <[email protected]>
1 parent 760231c commit 9635a36

1 file changed

Lines changed: 4 additions & 1 deletion

java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql

@@ -16,7 +16,10 @@ import semmle.code.java.dataflow.FlowSources
1616
import semmle.code.java.deadcode.WebEntryPoints
1717
import DataFlow::PathGraph
1818

19-
/** Determine whether there is a verification method for the remote streaming source data flow path method. */
19+
/**
20+
* Holds if some `Filter.doFilter` method exists in the whole program that takes some user-controlled
21+
* input and tests it with what appears to be a token- or authentication-checking function.
22+
*/
2023
predicate existsFilterVerificationMethod() {
2124
exists(DataFlow::Node source, DataFlow::Node sink, VerificationMethodFlowConfig vmfc, Method m |
2225
vmfc.hasFlow(source, sink) and
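
Review bot: the new QLDoc on `existsFilterVerificationMethod()` says the predicate holds when a checking `Filter.doFilter` exists anywhere "in the whole program", and the predicate takes no arguments, so nothing in its signature ties that filter to the request handler being reported. Consider stating that consequence in the comment: a single matching filter anywhere makes the predicate hold regardless of which endpoints the filter covers, which is a false-negative trade-off that readers of the query should know about. The phrase "what appears to be" marks the check as a heuristic, so the comment could also point to `VerificationMethodFlowConfig` as the place that defines what counts as a token- or authentication-checking function.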
