Skip to content

Commit

Permalink
Merge pull request #7426 from MathiasVP/fix-join-order-in-http-string…
Browse files Browse the repository at this point in the history 
…-literal-charpred

C++: Fix join-order in `HttpStringLiteral` charpred
  • Loading branch information
@aschackmull
aschackmull authored Dec 17, 2021
2 parents 96aef9f + 53a1f93 commit 3adc0b5
Showing 1 changed file with 8 additions and 5 deletions.
13 changes: 8 additions & 5 deletions cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,11 @@ class PrivateHostName extends string {
}
}

pragma[nomagic]
predicate privateHostNameFlowsToExpr(Expr e) {
TaintTracking::localExprTaint(any(StringLiteral p | p.getValue() instanceof PrivateHostName), e)
}

/**
* A string containing an HTTP URL not in a private domain.
*/
Expand All @@ -38,11 +43,9 @@ class HttpStringLiteral extends StringLiteral {
or
exists(string tail |
tail = s.regexpCapture("http://(.*)", 1) and not tail instanceof PrivateHostName
) and
not TaintTracking::localExprTaint(any(StringLiteral p |
p.getValue() instanceof PrivateHostName
), this.getParent*())
)
)
) and
not privateHostNameFlowsToExpr(this.getParent*())
}
}

Expand Down

0 comments on commit 3adc0b5

Please sign in to comment.