Commit 7e5f2e2

committed
experimentalSinkModel to sinkModel, remove one path injection sink that already exist before
1 parent 412472e commit 7e5f2e2

4 files changed

+3
-5
lines changed

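--- a/java/ql/lib/ext/experimental/s3-transfer-manager.model.yml
+++ b/java/ql/lib/ext/experimental/s3-transfer-manager.model.yml
@@ -1,7 +1,7 @@
 extensions:
 - addsTo:
 pack: codeql/java-all
-extensible: experimentalSinkModel
+extensible: sinkModel
 data:
 - ["software.amazon.awssdk.transfer.s3.model","ResumableFileUpload",true,"serializeToFile","(Path)","","Argument[0]","path-injection","manual"]
 - ["software.amazon.awssdk.transfer.s3.model","DownloadFileRequest$Builder",true,"destination","(Path)","","Argument[0]","path-injection","manual"]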
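Review bot: With `extensible: sinkModel` on new line 4, these rows presumably stop being opt-in and become path-injection sinks for every query that reads the standard sink models, yet the file still sits under `ext/experimental/`; the same applies to `spring-core.model.yml` and to the third model file holding the zip4j rows. Either move the promoted files out of the experimental directory or put a comment at the top such as `# Promoted from experimentalSinkModel: these rows are regular path-injection sinks.` so the location does not suggest they are inactive by default. The diffstat lists four changed files and none appears to be a change note, so users of the pack could see new alerts without a release-note entry; consider adding one if the repository's process calls for it.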

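--- a/java/ql/lib/ext/experimental/spring-core.model.yml
+++ b/java/ql/lib/ext/experimental/spring-core.model.yml
@@ -1,7 +1,7 @@
 extensions:
 - addsTo:
 pack: codeql/java-all
-extensible: experimentalSinkModel
+extensible: sinkModel
 data:
 - ["org.springframework.core.io","FileSystemResource",true,"FileSystemResource","(FileSystem,String)","","Argument[1]","path-injection","manual"]
 - ["org.springframework.core.io","FileSystemResource",true,"FileSystemResource","(File)","","Argument[0]","path-injection","manual"]
@@ -23,5 +23,4 @@ extensions:
 - ["org.springframework.util","FileSystemUtils",true,"deleteRecursively","(Path)","","Argument[0]","path-injection","manual"]
 - ["org.springframework.util","ResourceUtils",true,"getFile","(String)","","Argument[0]","path-injection","manual"]
 - ["org.springframework.util","FileCopyUtils",true,"copyToByteArray","(File)","","Argument[0]","path-injection","manual"]
-- ["org.springframework.util","FileCopyUtils",true,"copyToString","(Reader)","","Argument[0]","path-injection","manual"]
 - ["org.springframework.util","FileSystemUtils",true,"copyRecursively","(File,File)","","Argument[0]","path-injection","manual"]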
Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
extensions:
22
- addsTo:
33
pack: codeql/java-all
4-
extensible: experimentalSinkModel
4+
extensible: sinkModel
55
data:
66
- ["net.lingala.zip4j","ZipFile",true,"extractAll","(String)","","Argument[0]","path-injection","manual"]
77
- ["net.lingala.zip4j","ZipFile",true,"ZipFile","(String)","","Argument[0]","path-injection","manual"]

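--- a/java/ql/test/query-tests/security/CWE-022/semmle/tests/NewPathInjection/PathInjection/src/main/java/com/PathInjection/SpringIoPathInjection.java
+++ b/java/ql/test/query-tests/security/CWE-022/semmle/tests/NewPathInjection/PathInjection/src/main/java/com/PathInjection/SpringIoPathInjection.java
@@ -43,6 +43,5 @@ public void PathInjection(String path) throws IOException {
 FileSystemUtils.deleteRecursively(filePath); // $ PathInjection
 FileCopyUtils.copy(pathFile, pathFile); // $ PathInjection
 FileCopyUtils.copyToByteArray(pathFile); // $ PathInjection
-FileCopyUtils.copyToString(new FileReader("fa"));
 }
 }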
