Commit 25359d2

Deprecate execTainted
1 parent dcd703f commit 25359d2

4 files changed

+23
-3
lines changed

Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,5 @@
1+
---
2+
category: deprecated
3+
---
4+
* The `execTainted` predicate in `CommandLineQuery.qll` has been deprecated and replaced with the predicate `execIsTainted`.
5+
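Review bot: The change note on added line 4 names the replacement predicate but not the parameter type change that comes with it. In `CommandLineQuery.qll` the deprecated `execTainted` takes `DataFlow::PathNode` for `source` and `sink`, while `execIsTainted` takes `RemoteUserInputToArgumentToExecFlow::PathNode`, so a downstream query cannot migrate by renaming the call alone. Suggest adding one sentence saying that callers must declare `source` and `sink` as `RemoteUserInputToArgumentToExecFlow::PathNode` and import `RemoteUserInputToArgumentToExecFlow::PathGraph`, as the two `ExecTainted.ql` queries in this commit do.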

java/ql/lib/semmle/code/java/security/CommandLineQuery.qll

Lines changed: 16 additions & 1 deletion
@@ -54,12 +54,27 @@ module RemoteUserInputToArgumentToExecFlowConfig implements DataFlow::ConfigSig
5454
module RemoteUserInputToArgumentToExecFlow =
5555
TaintTracking::Global<RemoteUserInputToArgumentToExecFlowConfig>;
5656

57+
/**
58+
* DEPRECATED: Use `execIsTainted` instead.
59+
*
60+
* Implementation of `ExecTainted.ql`. It is extracted to a QLL
61+
* so that it can be excluded from `ExecUnescaped.ql` to avoid
62+
* reporting overlapping results.
63+
*/
64+
deprecated predicate execTainted(
65+
DataFlow::PathNode source, DataFlow::PathNode sink, ArgumentToExec execArg
66+
) {
67+
exists(RemoteUserInputToArgumentToExecFlowConfig conf |
68+
conf.hasFlowPath(source, sink) and sink.getNode() = DataFlow::exprNode(execArg)
69+
)
70+
}
71+
5772
/**
5873
* Implementation of `ExecTainted.ql`. It is extracted to a QLL
5974
* so that it can be excluded from `ExecUnescaped.ql` to avoid
6075
* reporting overlapping results.
6176
*/
62-
predicate execTainted(
77+
predicate execIsTainted(
6378
RemoteUserInputToArgumentToExecFlow::PathNode source,
6479
RemoteUserInputToArgumentToExecFlow::PathNode sink, ArgumentToExec execArg
6580
) {
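Review bot: The deprecated `execTainted` (added lines 64-70) computes flow with `conf.hasFlowPath(source, sink)` on a `RemoteUserInputToArgumentToExecFlowConfig` value, not through `RemoteUserInputToArgumentToExecFlow`, so the old and new predicates rest on two separate flow computations that can drift apart if only one is updated later. The hunk header shows `RemoteUserInputToArgumentToExecFlowConfig` as a module implementing `DataFlow::ConfigSig`, so please confirm that a class of the same name is still in scope for the `exists`, and say in the QLDoc which configuration the deprecated predicate depends on. The copied sentence "Implementation of `ExecTainted.ql`" on added lines 60-62 is also no longer accurate, since both `ExecTainted.ql` queries now call `execIsTainted`; keeping only the `DEPRECATED: Use `execIsTainted` instead.` line would avoid the duplicate description.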

java/ql/src/Security/CWE/CWE-078/ExecTainted.ql

Lines changed: 1 addition & 1 deletion
@@ -21,6 +21,6 @@ import RemoteUserInputToArgumentToExecFlow::PathGraph
2121
from
2222
RemoteUserInputToArgumentToExecFlow::PathNode source,
2323
RemoteUserInputToArgumentToExecFlow::PathNode sink, ArgumentToExec execArg
24-
where execTainted(source, sink, execArg)
24+
where execIsTainted(source, sink, execArg)
2525
select execArg, source, sink, "This command line depends on a $@.", source.getNode(),
2626
"user-provided value"

java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql

Lines changed: 1 addition & 1 deletion
@@ -23,6 +23,6 @@ import RemoteUserInputToArgumentToExecFlow::PathGraph
2323
from
2424
RemoteUserInputToArgumentToExecFlow::PathNode source,
2525
RemoteUserInputToArgumentToExecFlow::PathNode sink, ArgumentToExec execArg
26-
where execTainted(source, sink, execArg)
26+
where execIsTainted(source, sink, execArg)
2727
select execArg, source, sink, "This command line depends on a $@.", source.getNode(),
2828
"user-provided value"
