Skip to content

Commit 9667b41

Browse files
d10cd10c
committed
Java/CommandLineQuery
https://github.com/github/codeql/blob/85a4dd0325104ecd613c9e3e7c25190d41906605/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql https://github.com/github/codeql/blob/857b51be5895bf437ea25b5ce2581527d5af69fb/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql https://github.com/github/codeql/blob/b6e56f26c7509a041ce92bdda13db0a09da886e3/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql
1 parent 3ee393b commit 9667b41

File tree

1 file changed

+4
-2
lines changed

1 file changed

+4
-2
lines changed

java/ql/lib/semmle/code/java/security/CommandLineQuery.qll

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -63,9 +63,11 @@ module InputToArgumentToExecFlowConfig implements DataFlow::ConfigSig {
6363
// only to prevent overlapping results between two queries.
6464
predicate observeDiffInformedIncrementalMode() { any() }
6565

66-
// All queries use the argument as the primary location and do not use the
67-
// sink as an associated location.
66+
// ExecTainted.ql queries use the argument as the primary location;
67+
// ExecUnescaped.ql does not (used to prevent overlapping results).
6868
Location getASelectedSinkLocation(DataFlow::Node sink) {
69+
result = sink.getLocation()
70+
or
6971
exists(Expr argument | argumentToExec(argument, sink) | result = argument.getLocation())
7072
}
7173
}

0 commit comments

Comments
 (0)