Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Java: prototype overlay data flow #17436

Draft
wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

Java: prototype overlay data flow #17436

wants to merge 3 commits into from

Conversation

aschackmull
Copy link
Contributor

No description provided.

@github-actions github-actions bot added the Java label Sep 11, 2024
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 11, 2024
View reviewed changes
java/ql/lib/semmle/code/java/dataflow/OverlayDataFlow.qll
@@ -0,0 +1,805 @@
private import codeql.dataflow.DataFlow as DF
private import codeql.dataflow.TaintTracking as TT

Check warning

Code scanning / CodeQL

Names only differing by case Warning

TT is only different by casing from Tt that is used elsewhere for modules.
java/ql/lib/semmle/code/java/dataflow/OverlayDataFlow.qll
base import semmle.code.java.dataflow.internal.DataFlowPrivate
base import semmle.code.java.dataflow.internal.DataFlowUtil
base import semmle.code.java.dataflow.internal.DataFlowDispatch
import Public

Check warning

Code scanning / CodeQL

Redundant import Warning

Redundant import, the module is already imported inside
semmle.code.java.dataflow.internal.DataFlowUtil
Loading
.
java/ql/lib/semmle/code/java/dataflow/OverlayDataFlow.qll
base import semmle.code.java.dataflow.internal.DataFlowUtil
base import semmle.code.java.dataflow.internal.DataFlowDispatch
import Public
import Private

Check warning

Code scanning / CodeQL

Redundant import Warning

Redundant import, the module is already imported inside
semmle.code.java.dataflow.internal.DataFlowPrivate
Loading
.
java/ql/lib/semmle/code/java/dataflow/OverlayDataFlow.qll
overlay import semmle.code.java.dataflow.internal.DataFlowPrivate
overlay import semmle.code.java.dataflow.internal.DataFlowUtil
overlay import semmle.code.java.dataflow.internal.DataFlowDispatch
import Public

Check warning

Code scanning / CodeQL

Redundant import Warning

Redundant import, the module is already imported inside
semmle.code.java.dataflow.internal.DataFlowUtil
Loading
.
java/ql/lib/semmle/code/java/dataflow/OverlayDataFlow.qll
overlay import semmle.code.java.dataflow.internal.DataFlowUtil
overlay import semmle.code.java.dataflow.internal.DataFlowDispatch
import Public
import Private

Check warning

Code scanning / CodeQL

Redundant import Warning

Redundant import, the module is already imported inside
semmle.code.java.dataflow.internal.DataFlowPrivate
Loading
.
java/ql/src/Security/CWE/CWE-117/LogInjectionOverlay.ql
Comment on lines +60 to +63
from LogInjectionFlow::PathNode source, LogInjectionFlow::PathNode sink
where LogInjectionFlow::flowPath(source, sink)
select sink.getNode(), source, sink, "This log entry depends on a $@.", source.getNode(),
"user-provided value"

Check warning

Code scanning / CodeQL

Consistent alert message Warning

The java/log-injection query does not have the same alert message as js, rb.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Java
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@aschackmull