Skip to content

Commit 2833f8d

Browse files
atorralbaatorralba
committed
Change predicate isUnsafeEngine -> isSafeEngine to improve performance
1 parent e78e5b9 commit 2833f8d

File tree

1 file changed

+6
-6
lines changed

1 file changed

+6
-6
lines changed

java/ql/src/semmle/code/java/security/JexlInjection.qll

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -83,7 +83,7 @@ private class DefaultJexlInjectionAdditionalTaintStep extends JexlInjectionAddit
8383
*/
8484
private predicate createJexlScriptStep(DataFlow::Node n1, DataFlow::Node n2) {
8585
exists(MethodAccess ma, Method m | m = ma.getMethod() and n2.asExpr() = ma |
86-
isUnsafeEngine(ma.getQualifier()) and
86+
not isSafeEngine(ma.getQualifier()) and
8787
m instanceof CreateJexlScriptMethod and
8888
n1.asExpr() = ma.getArgument(0) and
8989
n1.asExpr().getType() instanceof TypeString
@@ -96,7 +96,7 @@ private predicate createJexlScriptStep(DataFlow::Node n1, DataFlow::Node n2) {
9696
*/
9797
private predicate createJexlExpressionStep(DataFlow::Node n1, DataFlow::Node n2) {
9898
exists(MethodAccess ma, Method m | m = ma.getMethod() and n2.asExpr() = ma |
99-
isUnsafeEngine(ma.getQualifier()) and
99+
not isSafeEngine(ma.getQualifier()) and
100100
m instanceof CreateJexlExpressionMethod and
101101
n1.asExpr() = ma.getAnArgument() and
102102
n1.asExpr().getType() instanceof TypeString
@@ -111,18 +111,18 @@ private predicate createJexlTemplateStep(DataFlow::Node n1, DataFlow::Node n2) {
111111
exists(MethodAccess ma, Method m, RefType taintType |
112112
m = ma.getMethod() and n2.asExpr() = ma and taintType = n1.asExpr().getType()
113113
|
114-
isUnsafeEngine(ma.getQualifier()) and
114+
not isSafeEngine(ma.getQualifier()) and
115115
m instanceof CreateJexlTemplateMethod and
116116
n1.asExpr() = ma.getArgument([0, 1]) and
117117
(taintType instanceof TypeString or taintType instanceof Reader)
118118
)
119119
}
120120

121121
/**
122-
* Holds if `expr` is a JEXL engine that is not configured with a sandbox.
122+
* Holds if `expr` is a JEXL engine that is configured with a sandbox.
123123
*/
124-
private predicate isUnsafeEngine(Expr expr) {
125-
not exists(SandboxedJexlFlowConfig config | config.hasFlowTo(DataFlow::exprNode(expr)))
124+
private predicate isSafeEngine(Expr expr) {
125+
exists(SandboxedJexlFlowConfig config | config.hasFlowTo(DataFlow::exprNode(expr)))
126126
}
127127

128128
/**

0 commit comments

Comments
 (0)