Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit e7cbd49

Browse files
egregius313egregius313
committed
Refactor FilePathInjection
1 parent 47c5db0 commit e7cbd49

1 file changed

Lines changed: 10 additions & 9 deletions

File tree

java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql

Lines changed: 10 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -13,12 +13,13 @@
1313
*/
1414

1515
import java
16+
import semmle.code.java.dataflow.TaintTracking
1617
import semmle.code.java.dataflow.ExternalFlow
1718
import semmle.code.java.dataflow.FlowSources
1819
import semmle.code.java.security.PathCreation
1920
import JFinalController
2021
import semmle.code.java.security.PathSanitizer
21-
import DataFlow::PathGraph
22+
import InjectFilePathFlow::PathGraph
2223

2324
private class ActivateModels extends ActiveExperimentalModels {
2425
ActivateModels() { this = "file-path-injection" }
@@ -47,24 +48,24 @@ class NormalizedPathNode extends DataFlow::Node {
4748
}
4849
}
4950

50-
class InjectFilePathConfig extends TaintTracking::Configuration {
51-
InjectFilePathConfig() { this = "InjectFilePathConfig" }
51+
module InjectFilePathConfig implements DataFlow::ConfigSig {
52+
predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
5253

53-
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
54-
55-
override predicate isSink(DataFlow::Node sink) {
54+
predicate isSink(DataFlow::Node sink) {
5655
sink.asExpr() = any(PathCreation p).getAnInput() and
5756
not sink instanceof NormalizedPathNode
5857
}
5958

60-
override predicate isSanitizer(DataFlow::Node node) {
59+
predicate isBarrier(DataFlow::Node node) {
6160
exists(Type t | t = node.getType() | t instanceof BoxedType or t instanceof PrimitiveType)
6261
or
6362
node instanceof PathInjectionSanitizer
6463
}
6564
}
6665

67-
from DataFlow::PathNode source, DataFlow::PathNode sink, InjectFilePathConfig conf
68-
where conf.hasFlowPath(source, sink)
66+
module InjectFilePathFlow = TaintTracking::Global<InjectFilePathConfig>;
67+
68+
from InjectFilePathFlow::PathNode source, InjectFilePathFlow::PathNode sink
69+
where InjectFilePathFlow::flowPath(source, sink)
6970
select sink.getNode(), source, sink, "External control of file name or path due to $@.",
7071
source.getNode(), "user-provided value"

0 commit comments

Comments
 (0)