Merge pull request github#14012 from knewbury01/knewbury01/add-sanitizer-command-query

aschackmull · web-flow · commit bdc5f9cdeaab · 2023-08-22T08:40:49.000+02:00
Java: add sanitizer to command injection query
diff --git a/java/ql/lib/change-notes/2023-08-21-java-command-injection-sanitizer.md b/java/ql/lib/change-notes/2023-08-21-java-command-injection-sanitizer.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added new sanitizer to Java command injection model
diff --git a/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll b/java/ql/lib/semmle/code/java/security/CommandLineQuery.qll
@@ -42,6 +42,8 @@ private class DefaultCommandInjectionSanitizer extends CommandInjectionSanitizer
     or
     this.getType() instanceof BoxedType
     or
+    this.getType() instanceof NumberType
+    or
     isSafeCommandArgument(this.asExpr())
   }
 }

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* Added new sanitizer to Java command injection model
Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,8 @@ private class DefaultCommandInjectionSanitizer extends CommandInjectionSanitizer`
`42`	`42`	`or`
`43`	`43`	`this.getType() instanceof BoxedType`
`44`	`44`	`or`
	`45`	`+ this.getType() instanceof NumberType`
	`46`	`+ or`
`45`	`47`	`isSafeCommandArgument(this.asExpr())`
`46`	`48`	`}`
`47`	`49`	`}`