Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit c28856d

Browse files
pwntesterpwntester
committed
remove wicket taintstep from TaintTrackingUtil
1 parent a4a91eb commit c28856d

1 file changed

Lines changed: 0 additions & 8 deletions

File tree

java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll

Lines changed: 0 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -414,14 +414,6 @@ private predicate argToMethodStep(Expr tracked, MethodAccess sink) {
414414
* `arg`th argument is tainted.
415415
*/
416416
private predicate taintPreservingArgumentToMethod(Method method, int arg) {
417-
(
418-
method.getDeclaringType().hasQualifiedName("org.apache.wicket.util.crypt", "Base64") and
419-
(
420-
method.getName().matches("decode%") and arg = 0 or
421-
method.getName().matches("encode%") and arg = 0
422-
)
423-
)
424-
or
425417
(
426418
method.getDeclaringType().hasQualifiedName("java.util", "Base64$Encoder") or
427419
method.getDeclaringType().hasQualifiedName("java.util", "Base64$Decoder") or

0 commit comments

Comments
 (0)