Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll

haby0 · smowton · web-flow · commit aaef4ef22b90 · 2021-04-22T18:52:55.000+08:00
Co-authored-by: Chris Smowton &lt;smowton@github.com&gt;
diff --git a/java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll b/java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll
@@ -56,7 +56,7 @@ private class CompareSink extends UseOfLessTrustedSink {
       ma.getMethod().getDeclaringType() instanceof TypeString and
       ma.getMethod().getNumberOfParameters() = 1 and
       ma.getQualifier() = this.asExpr() and
-      ma.getArgument(0).(CompileTimeConstantExpr).getStringValue().toLowerCase() in ["", "unknown"]
+      not ma.getArgument(0).(CompileTimeConstantExpr).getStringValue().toLowerCase() in ["", "unknown"]
     )
     or
     exists(MethodAccess ma, int i |

Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ private class CompareSink extends UseOfLessTrustedSink {`
`56`	`56`	`ma.getMethod().getDeclaringType() instanceof TypeString and`
`57`	`57`	`ma.getMethod().getNumberOfParameters() = 1 and`
`58`	`58`	`ma.getQualifier() = this.asExpr() and`
`59`		`- ma.getArgument(0).(CompileTimeConstantExpr).getStringValue().toLowerCase() in ["", "unknown"]`
	`59`	`+ not ma.getArgument(0).(CompileTimeConstantExpr).getStringValue().toLowerCase() in ["", "unknown"]`
`60`	`60`	`)`
`61`	`61`	`or`
`62`	`62`	`exists(MethodAccess ma, int i \|`