File tree Expand file tree Collapse file tree
java/ql/src/experimental/Security/CWE/CWE-730 Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -17,6 +17,9 @@ import semmle.code.java.dataflow.FlowSources
1717import semmle.code.java.dataflow.TaintTracking
1818import DataFlow:: PathGraph
1919
20+ /**
21+ * A data flow sink for untrusted user input used to construct regular expressions.
22+ */
2023class RegexSink extends DataFlow:: ExprNode {
2124 RegexSink ( ) {
2225 exists ( MethodAccess ma , Method m | m = ma .getMethod ( ) |
@@ -61,6 +64,10 @@ class RegexSink extends DataFlow::ExprNode {
6164
6265abstract class Sanitizer extends DataFlow:: ExprNode { }
6366
67+ /**
68+ * A call to a function whose name suggests that it escapes regular
69+ * expression meta-characters.
70+ */
6471class RegExpSanitizationCall extends Sanitizer {
6572 RegExpSanitizationCall ( ) {
6673 exists ( string calleeName , string sanitize , string regexp |
@@ -75,6 +82,9 @@ class RegExpSanitizationCall extends Sanitizer {
7582 }
7683}
7784
85+ /**
86+ * A taint-tracking configuration for untrusted user input used to construct regular expressions.
87+ */
7888class RegexInjectionConfiguration extends TaintTracking:: Configuration {
7989 RegexInjectionConfiguration ( ) { this = "RegexInjectionConfiguration" }
8090
You can’t perform that action at this time.
0 commit comments