Java: update path-injection query to use new 'read-file' sink kind

Jami Cogswell · Jami Cogswell · commit ce1c814daaa1 · 2023-02-11T17:10:58.000-05:00
diff --git a/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql b/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql
@@ -29,7 +29,7 @@ class TaintedPathConfig extends TaintTracking::Configuration {
   override predicate isSink(DataFlow::Node sink) {
     sink.asExpr() = any(PathCreation p).getAnInput()
     or
-    sinkNode(sink, "create-file")
+    sinkNode(sink, ["create-file", "read-file"])
   }
 
   override predicate isSanitizer(DataFlow::Node sanitizer) {

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ class TaintedPathConfig extends TaintTracking::Configuration {`
`29`	`29`	`override predicate isSink(DataFlow::Node sink) {`
`30`	`30`	`sink.asExpr() = any(PathCreation p).getAnInput()`
`31`	`31`	`or`
`32`		`- sinkNode(sink, "create-file")`
	`32`	`+ sinkNode(sink, ["create-file", "read-file"])`
`33`	`33`	`}`
`34`	`34`
`35`	`35`	`override predicate isSanitizer(DataFlow::Node sanitizer) {`