Allow MaD sanitizers for java/mvel-expression-injection

owen-mc · owen-mc · commit 6c458a1bf658 · 2026-01-08T15:23:27.000Z
diff --git a/java/ql/lib/semmle/code/java/security/MvelInjection.qll b/java/ql/lib/semmle/code/java/security/MvelInjection.qll
@@ -37,6 +37,10 @@ private class DefaultMvelInjectionSanitizer extends MvelInjectionSanitizer {
   }
 }
 
+private class ExternalMvelInjectionSanitizer extends MvelInjectionSanitizer {
+  ExternalMvelInjectionSanitizer() { barrierNode(this, "mvel-injection") }
+}
+
 /** A set of additional taint steps to consider when taint tracking MVEL related data flows. */
 private class DefaultMvelInjectionAdditionalTaintStep extends MvelInjectionAdditionalTaintStep {
   override predicate step(DataFlow::Node node1, DataFlow::Node node2) {

Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,10 @@ private class DefaultMvelInjectionSanitizer extends MvelInjectionSanitizer {`
`37`	`37`	`}`
`38`	`38`	`}`
`39`	`39`
	`40`	`+private class ExternalMvelInjectionSanitizer extends MvelInjectionSanitizer {`
	`41`	`+ ExternalMvelInjectionSanitizer() { barrierNode(this, "mvel-injection") }`
	`42`	`+}`
	`43`	`+`
`40`	`44`	`/** A set of additional taint steps to consider when taint tracking MVEL related data flows. */`
`41`	`45`	`private class DefaultMvelInjectionAdditionalTaintStep extends MvelInjectionAdditionalTaintStep {`
`42`	`46`	`override predicate step(DataFlow::Node node1, DataFlow::Node node2) {`