Skip to content

Commit e851b03

Browse files
committed
Java: Add source and sink kind model validation.
1 parent 8e7e6c4 commit e851b03

File tree

1 file changed

+21
-0
lines changed

1 file changed

+21
-0
lines changed

java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -629,6 +629,27 @@ module CsvValidation {
629629
not kind = ["taint", "value"] and
630630
msg = "Invalid kind \"" + kind + "\" in summary model."
631631
)
632+
or
633+
exists(string row, string kind | sinkModel(row) |
634+
kind = row.splitAt(";", 7) and
635+
not kind =
636+
[
637+
"open-url", "jndi-injection", "ldap", "sql", "jdbc-url", "logging", "mvel", "xpath",
638+
"groovy", "xss", "ognl-injection", "intent-start", "pending-intent-sent",
639+
"url-open-stream", "url-redirect", "create-file", "write-file", "set-hostname-verifier",
640+
"header-splitting", "information-leak", "xslt", "jexl", "bean-validation"
641+
] and
642+
not kind.matches("regex-use%") and
643+
not kind.matches("qltest%") and
644+
msg = "Invalid kind \"" + kind + "\" in sink model."
645+
)
646+
or
647+
exists(string row, string kind | sourceModel(row) |
648+
kind = row.splitAt(";", 7) and
649+
not kind = ["remote", "contentprovider", "android-widget"] and
650+
not kind.matches("qltest%") and
651+
msg = "Invalid kind \"" + kind + "\" in source model."
652+
)
632653
}
633654
}
634655

0 commit comments

Comments
 (0)