File tree Expand file tree Collapse file tree 1 file changed +7
-7
lines changed
csharp/ql/src/experimental/Security Features/Serialization Expand file tree Collapse file tree 1 file changed +7
-7
lines changed Original file line number Diff line number Diff line change @@ -31,16 +31,16 @@ predicate unsafeDataContractTypeCreation(Expr e) {
3131 e .( TypeofExpr ) .getTypeAccess ( ) .getTarget ( ) instanceof DataSetOrTableRelatedClass
3232}
3333
34- class Conf extends DataFlow:: Configuration {
35- Conf ( ) { this = "FlowToDataSerializerConstructor" }
34+ module FlowToDataSerializerConstructorConfig implements DataFlow:: ConfigSig {
35+ predicate isSource ( DataFlow :: Node node ) { unsafeDataContractTypeCreation ( node . asExpr ( ) ) }
3636
37- override predicate isSource ( DataFlow:: Node node ) { unsafeDataContractTypeCreation ( node .asExpr ( ) ) }
38-
39- override predicate isSink ( DataFlow:: Node node ) { xmlSerializerConstructorArgument ( node .asExpr ( ) ) }
37+ predicate isSink ( DataFlow:: Node node ) { xmlSerializerConstructorArgument ( node .asExpr ( ) ) }
4038}
4139
42- from Conf conf , DataFlow:: Node source , DataFlow:: Node sink
43- where conf .hasFlow ( source , sink )
40+ module FlowToDataSerializerConstructor = DataFlow:: Global< FlowToDataSerializerConstructorConfig > ;
41+
42+ from DataFlow:: Node source , DataFlow:: Node sink
43+ where FlowToDataSerializerConstructor:: flow ( source , sink )
4444select sink ,
4545 "Unsafe type is used in data contract serializer. Make sure $@ comes from the trusted source." ,
4646 source , source .toString ( )
You can’t perform that action at this time.
0 commit comments