Java: Add a default taint sanitizer for contains-checks on lists of constants #17901

Open: wants to merge 5 commits into base: main

aschackmull
Contributor

Builds on top of #17863

This is a reimplementation of #17051 expressed in terms of a universal flow library.

private import semmle.code.java.controlflow.Guards
private import semmle.code.java.dataflow.internal.BaseSSA
private import semmle.code.java.dataflow.TaintTracking
private import semmle.code.java.dataflow.TypeFlow

Check warning

Code scanning / CodeQL

Redundant import Warning

Redundant import, the module is already imported inside `semmle.code.java.dispatch.VirtualDispatch`.
* Provides an implementation of universal flow using input `I`.
*/
module Make<LocationSig Location, UniversalFlowInput<Location> I> {
private import I

Check warning

Code scanning / CodeQL

Redundant import Warning

Redundant import, the module is already imported inside `I`.
aschackmull changed the title from "Java/allowlist sanitizer" to "Java: Add a default taint sanitizer for contains-checks on lists of constants" on Nov 4, 2024
aschackmull marked this pull request as ready for review on November 6, 2024 13:14
github-actions bot removed the C++ label on Nov 6, 2024
aschackmull requested a review from a team as a code owner on November 6, 2024 13:14