
Commit abaa71e

committed
Update Sql Injection queries
move java/ql/src/Security/CWE/CWE-089/SqlInjectionLib.qll -> java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll
1 parent ccd7bb5 commit abaa71e


4 files changed

+11
-5
lines changed


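--- a/java/ql/src/Security/CWE/CWE-089/SqlInjectionLib.qll
+++ b/java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll
@@ -1,10 +1,16 @@
-/** Definitions used by the queries for database query injection. */
+/**
+* Provides taint tracking and dataflow configurations to be used in Sql injection queries.
+*
+* Do not import this from a library file, in order to reduce the risk of
+* unintentionally bringing a TaintTracking::Configuration into scope in an unrelated
+* query.
+*/
 
 import java
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.QueryInjection
 
-private class QueryInjectionFlowConfig extends TaintTracking::Configuration {
+class QueryInjectionFlowConfig extends TaintTracking::Configuration {
 QueryInjectionFlowConfig() { this = "SqlInjectionLib::QueryInjectionFlowConfig" }
 
 override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }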
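Review bot: The characteristic predicate on new line 14 still sets `this = "SqlInjectionLib::QueryInjectionFlowConfig"`, although the file is now `SqlInjectionQuery.qll`; if the identifier is meant to follow the module name, it should read `this = "SqlInjectionQuery::QueryInjectionFlowConfig"`. Dropping `private` on new line 13 also puts the class on the library's public surface with no QLDoc comment above it; a line such as `/** A taint-tracking configuration for SQL injection from remote flow sources. */` would document it, and would be the natural place to repeat the header's warning about importing this configuration into unrelated queries. The class body continues past the end of the hunk, so its sink and sanitizer predicates are not covered by this note.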

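--- a/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql
+++ b/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql
@@ -14,7 +14,7 @@
 
 import java
 import semmle.code.java.dataflow.FlowSources
-import SqlInjectionLib
+import semmle.code.java.security.SqlInjectionQuery
 import DataFlow::PathGraph
 
 from QueryInjectionSink query, DataFlow::PathNode source, DataFlow::PathNode sink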

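--- a/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql
@@ -14,7 +14,7 @@
 
 import semmle.code.java.Expr
 import semmle.code.java.dataflow.FlowSources
-import SqlInjectionLib
+import semmle.code.java.security.SqlInjectionQuery
 import DataFlow::PathGraph
 
 class LocalUserInputToQueryInjectionFlowConfig extends TaintTracking::Configuration {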

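--- a/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql
+++ b/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql
@@ -14,7 +14,7 @@
 
 import java
 import semmle.code.java.security.SqlUnescapedLib
-import SqlInjectionLib
+import semmle.code.java.security.SqlInjectionQuery
 
 class UncontrolledStringBuilderSource extends DataFlow::ExprNode {
 UncontrolledStringBuilderSource() {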
