Skip to content

Commit 06517c6

Browse files
committed
Move QueryInjectionSink into importable library
This enables defining of new sinks to customise the CWE-089 queries.
1 parent c166fee commit 06517c6

2 files changed

Lines changed: 6 additions & 3 deletions

File tree

java/ql/src/Security/CWE/CWE-089/SqlInjectionLib.qll

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,15 +2,13 @@
22

33
import semmle.code.java.Expr
44
import semmle.code.java.dataflow.FlowSources
5+
import semmle.code.java.security.QueryInjection
56
import semmle.code.java.frameworks.android.SQLite
67
import semmle.code.java.frameworks.javaee.Persistence
78
import semmle.code.java.frameworks.SpringJdbc
89
import semmle.code.java.frameworks.MyBatis
910
import semmle.code.java.frameworks.Hibernate
1011

11-
/** A sink for database query language injection vulnerabilities. */
12-
abstract class QueryInjectionSink extends DataFlow::ExprNode { }
13-
1412
/** A sink for SQL injection vulnerabilities. */
1513
class SqlInjectionSink extends QueryInjectionSink {
1614
SqlInjectionSink() {
Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
import java
2+
import semmle.code.java.dataflow.DataFlow
3+
4+
/** A sink for database query language injection vulnerabilities. */
5+
abstract class QueryInjectionSink extends DataFlow::ExprNode { }

0 commit comments

Comments
 (0)