Created
February 17, 2021 13:40
artem-smotrakov/3e9d52d44b50cd4d07a72b7a86bbd495
JEXL sinks for detecting JEXL injections with CodeQL
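```ql
import java
import semmle.code.java.dataflow.DataFlow

// Dataflow sink for JEXL injection queries.
// DirectJexlEvaluationMethod, CreateJexlCallableMethod and
// JexlEngineGetSetPropertyMethod are not defined in this snippet;
// they must be provided by the surrounding library.
private class JexlEvaluationSink extends DataFlow::ExprNode {
  JexlEvaluationSink() {
    exists(MethodAccess ma, Method m, Expr taintFrom |
      ma.getMethod() = m and taintFrom = this.asExpr()
    |
      // The qualifier of a call to a direct evaluation method.
      m instanceof DirectJexlEvaluationMethod and ma.getQualifier() = taintFrom
      or
      // The qualifier of a call that creates a callable.
      m instanceof CreateJexlCallableMethod and ma.getQualifier() = taintFrom
      or
      // Any String argument of a JexlEngine get/set property call.
      m instanceof JexlEngineGetSetPropertyMethod and
      taintFrom.getType() instanceof TypeString and
      ma.getAnArgument() = taintFrom
    )
  }
}
```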