Java: Make EnvTaintedMethod public + QL-Doc

intrigus · intrigus · commit d98b17199804 · 2021-01-11T13:42:07.000+01:00
diff --git a/java/ql/src/semmle/code/java/dataflow/FlowSources.qll b/java/ql/src/semmle/code/java/dataflow/FlowSources.qll
@@ -292,7 +292,8 @@ private class SpringWebRequestGetMethod extends Method {
   }
 }
 
-private class EnvTaintedMethod extends Method {
+/** Models methods that are tainted by the environment of the user, such as `System.getProperty` or `System.getenv()`. */
+class EnvTaintedMethod extends Method {
   EnvTaintedMethod() {
     this instanceof MethodSystemGetenv or
     this instanceof PropertiesGetPropertyMethod or

Original file line number	Diff line number	Diff line change
`@@ -292,7 +292,8 @@ private class SpringWebRequestGetMethod extends Method {`
`292`	`292`	`}`
`293`	`293`	`}`
`294`	`294`
`295`		`-private class EnvTaintedMethod extends Method {`
	`295`	+/** Models methods that are tainted by the environment of the user, such as `System.getProperty` or `System.getenv()`. */
	`296`	`+class EnvTaintedMethod extends Method {`
`296`	`297`	`EnvTaintedMethod() {`
`297`	`298`	`this instanceof MethodSystemGetenv or`
`298`	`299`	`this instanceof PropertiesGetPropertyMethod or`