1 parent 452ec8c commit 9774b24
1 file changed
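--- a/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.ql
@@ -24,7 +24,7 @@ class RegexSink extends DataFlow::ExprNode {
 RegexSink() {
 exists(MethodAccess ma, Method m | m = ma.getMethod() |
 (
-m.getDeclaringType().hasQualifiedName("java.lang", "String") and
+m.getDeclaringType() instanceof TypeString and
 
 ma.getArgument(0) = this.asExpr() and
 
@@ -47,7 +47,7 @@ class RegexSink extends DataFlow::ExprNode {
 m.getDeclaringType().hasQualifiedName("org.apache.commons.lang3", "RegExUtils") and
 
 ma.getArgument(1) = this.asExpr() and
-m.getParameterType(1).(Class).hasQualifiedName("java.lang", "String") and
+m.getParameterType(1).(Class) instanceof TypeString and
 
 m.hasName("removeAll") or
 m.hasName("removeFirst") or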
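Review bot: In the second hunk the inline cast in `m.getParameterType(1).(Class) instanceof TypeString` is now redundant, because `TypeString` is itself a `Class` in the standard Java library and the `instanceof` test alone narrows the type; `m.getParameterType(1) instanceof TypeString and` says the same thing more directly. This parameter-type check appears to be what limits the RegExUtils sink to the overloads whose second argument is a regex string, so a short comment such as `// match only the String-regex overloads; a compiled Pattern argument is not a sink here` would record that intent for the next reader. The RegexSink characteristic predicate starts and ends outside both hunks, so this is based on the visible lines only.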