Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit ec6e173

Browse files
egregius313egregius313
committed
Replace Main-method parameters with ThreatModelFlowSource 
1 parent a3f6bfe commit ec6e173

1 file changed

Lines changed: 1 addition & 4 deletions

File tree

csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -21,10 +21,7 @@ import AssemblyPathInjection::PathGraph
2121
* A taint-tracking configuration for untrusted user input used to load a DLL.
2222
*/
2323
module AssemblyPathInjectionConfig implements DataFlow::ConfigSig {
24-
predicate isSource(DataFlow::Node source) {
25-
source instanceof ThreatModelFlowSource or
26-
source.asExpr() = any(MainMethod main).getParameter(0).getAnAccess()
27-
}
24+
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
2825

2926
predicate isSink(DataFlow::Node sink) {
3027
exists(MethodCall mc, string name, int arg |

0 commit comments

Comments
 (0)