Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit bb1ea94

Browse files
SpaceWhiteSpaceWhite
committed
Nit: Fix qhelp and ql autoformat
1 parent b7af164 commit bb1ea94

2 files changed

Lines changed: 12 additions & 15 deletions

File tree

java/ql/src/experimental/CWE-643/XPathInjection.qhelp

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -15,24 +15,24 @@ If user input must be included in an XPath expression, pre-compile the query and
1515
references to include the user input.
1616
</p>
1717
<p>
18-
XPath injection can also be prevented by using XQuery
18+
XPath injection can also be prevented by using XQuery.
1919
</p>
2020

2121
</recommendation>
2222

2323
<example>
2424
<p>
25-
In the first, second, and third example, the code accepts a user and password specified by the user, and uses this
25+
In the first, second, and third example, the code accepts a name and password specified by the user, and uses this
2626
unvalidated and unsanitized value in an XPath expression. This is vulnerable to the user providing
2727
special characters or string sequences that change the meaning of the XPath expression to search
2828
for different values.
2929
</p>
3030

3131
<p>
32-
In the forth example, the code utilizes setXPathVariableResolver which prevents XPath Injection
32+
In the fourth example, the code utilizes setXPathVariableResolver which prevents XPath Injection.
3333
</p>
3434
<p>
35-
The fifth example is dom4j xpath injection example
35+
The fifth example is a dom4j XPath injection example
3636
</p>
3737
<sample src="XPathInjection.java" />
3838
</example>

java/ql/src/experimental/CWE-643/XPathInjection.ql

Lines changed: 8 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -27,21 +27,18 @@ class XPathInjectionConfiguration extends TaintTracking::Configuration {
2727
class XPathInjectionSink extends DataFlow::ExprNode {
2828
XPathInjectionSink() {
2929
exists(Method m, MethodAccess ma | ma.getMethod() = m |
30-
(
31-
m.getDeclaringType().hasQualifiedName("javax.xml.xpath", "XPath") and
32-
(m.hasName("evaluate") or m.hasName("compile")) and
33-
ma.getArgument(0) = this.getExpr()
34-
) or
35-
(
36-
m.getDeclaringType().hasQualifiedName("org.dom4j", "Node") and
37-
(m.hasName("selectNodes") or m.hasName("selectSingleNode")) and
38-
ma.getArgument(0) = this.getExpr()
39-
)
30+
m.getDeclaringType().hasQualifiedName("javax.xml.xpath", "XPath") and
31+
(m.hasName("evaluate") or m.hasName("compile")) and
32+
ma.getArgument(0) = this.getExpr()
33+
or
34+
m.getDeclaringType().hasQualifiedName("org.dom4j", "Node") and
35+
(m.hasName("selectNodes") or m.hasName("selectSingleNode")) and
36+
ma.getArgument(0) = this.getExpr()
4037
)
4138
}
4239
}
4340

4441
from DataFlow::PathNode source, DataFlow::PathNode sink, XPathInjectionConfiguration c
4542
where c.hasFlowPath(source, sink)
4643
select sink.getNode(), source, sink, "$@ flows to here and is used in an XPath expression.",
47-
source.getNode(), "User-provided value"
44+
source.getNode(), "User-provided value"

0 commit comments

Comments
 (0)