Skip to content

Commit 7c235e3

Browse files
aegilopsaegilops
committed
Fixed linting issues. Will not fix instanceof, that is necessary
1 parent 8c73fbe commit 7c235e3

File tree

1 file changed

+16
-19
lines changed

1 file changed

+16
-19
lines changed

java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.qll

Lines changed: 16 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -44,9 +44,9 @@ class ExecTaintConfiguration2 extends TaintTracking::Configuration {
4444
override predicate isSource(DataFlow::Node source) { source instanceof Source }
4545

4646
override predicate isSink(DataFlow::Node sink) {
47-
exists(RuntimeExecMethod method, MethodAccess call, int index |
47+
exists(RuntimeExecMethod method, MethodAccess call |
4848
call.getMethod() = method and
49-
sink.asExpr() = call.getArgument(index) and
49+
sink.asExpr() = call.getArgument(_) and
5050
sink.asExpr().getType() instanceof Array
5151
)
5252
}
@@ -62,36 +62,33 @@ class ExecTaintConfiguration2 extends TaintTracking::Configuration {
6262

6363
// array[3] = node
6464
class AssignToNonZeroIndex extends DataFlow::Node {
65-
AssignExpr assign;
66-
ArrayAccess access;
67-
6865
AssignToNonZeroIndex() {
69-
assign.getDest() = access and
70-
access.getIndexExpr().(IntegerLiteral).getValue() != "0" and
71-
assign.getSource() = this.asExpr()
66+
exists(AssignExpr assign, ArrayAccess access |
67+
assign.getDest() = access and
68+
access.getIndexExpr().(IntegerLiteral).getValue() != "0" and
69+
assign.getSource() = this.asExpr()
70+
)
7271
}
7372
}
7473

7574
// String[] array = {"a", "b, "c"};
7675
class ArrayInitAtNonZeroIndex extends DataFlow::Node {
77-
ArrayInit init;
78-
int index;
79-
8076
ArrayInitAtNonZeroIndex() {
81-
init.getInit(index) = this.asExpr() and
82-
index != 0
77+
exists(ArrayInit init, int index |
78+
init.getInit(index) = this.asExpr() and
79+
index != 0
80+
)
8381
}
8482
}
8583

8684
// Stream.concat(Arrays.stream(array_1), Arrays.stream(array_2))
8785
class StreamConcatAtNonZeroIndex extends DataFlow::Node {
88-
MethodAccess call;
89-
int index;
90-
9186
StreamConcatAtNonZeroIndex() {
92-
call.getMethod().getQualifiedName() = "java.util.stream.Stream.concat" and
93-
call.getArgument(index) = this.asExpr() and
94-
index != 0
87+
exists(MethodAccess call, int index |
88+
call.getMethod().getQualifiedName() = "java.util.stream.Stream.concat" and
89+
call.getArgument(index) = this.asExpr() and
90+
index != 0
91+
)
9592
}
9693
}
9794

0 commit comments

Comments
 (0)