Skip to content

issues Search Results · repo:github/codeql path:docs/codeql "MethodAccess"

Filter by

45 results  (120 ms)

45 results

ingithub/codeql (press backspace or delete to remove)

github/codeql
How to make a taint tracking connection bettween a API of Interface and its implementation API in java using codeql?

awaiting-response
Java
question
Stale
  • soh0ro0t
  • 4
  • Opened 
    on Jul 14, 2022
  • #9820

github/codeql
Problems encountered by Java projects when constructing queries in codeql

... Query statement: import java class UserMapper extends RefType{ UserMapper(){ this.hasQualifiedName( com.jfinal.plugin.activerecord , Db ) } } predicate sql(MethodAccess ma ...
  • ernongxizhu
  • 5
  • Opened 
    on Jul 18, 2022
  • #9843

github/codeql
taint tracking misses some results

question
  • l3yx
  • 2
  • Opened 
    on May 16, 2022
  • #9177

github/codeql
[Java][False negative] in XXE taint propagation from inputstreams

... following hack-y taintstep , the vulns will be flagged override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { exists(MethodAccess m | m.getAnArgument() = pred.asExpr ...
question
  • chmodxxx
  • 1
  • Opened 
    on Jul 25, 2022
  • #9893

github/codeql
When I execute the following query in LGTM, I will be stuck at 61%, and the execution will fail later

... ( javax.naming , InitialContext ) } } predicate isLookup(Expr arg) { exists(MethodAccess ma | ma.getMethod().getName() = lookup and ma.getMethod().getDeclaringType() instanceof ...
question
  • ernongxizhu
  • 6
  • Opened 
    on Mar 24, 2022
  • #8545

github/codeql
(Java) How taint tracking feature reach the internal call of readObject?

... (), stored to obj, is not tainted, and so neither is the read from obj. If you want instead to taint the result of readObject(), then you should use a source like exists(MethodAccess ma | ma = source.asExpr() | ... check that ma is a call to an interesting method here ...)
Java
question
  • flowiri
  • 3
  • Opened 
    on Apr 9, 2022
  • #8707

github/codeql
(Java) Taint Tracking fail on Argument of MethodAccess without Caller

I m trying to write a custom query to detect CVE-2019-26891 (insecure deserialization) on liferay 6 but I ve been struggling for 1 week without any movement. In short, I debug the query and see the partial ...
Java
question
  • flowiri
  • 6
  • Opened 
    on Feb 25, 2022
  • #8242

github/codeql
False Negative: Guards in while loop with break fail to 'control' variable usage outside

false-positive
Java
  • JLLeitschuh
  • 2
  • Opened 
    on Mar 18, 2022
  • #8490

github/codeql
Java: VirtualDispatch doesn't work properly with Default methods in Interfaces

... validate: import java import semmle.code.java.dispatch.VirtualDispatch from VirtCalledSrcMethod top, SrcRefType tsrc, RefType t where exists(MethodAccess ma | ma.getMethod().hasName( validate ...
bug
Java
  • atorralba
  • 3
  • Opened 
    on Aug 3, 2021
  • #6405

github/codeql
Java: Potentially duplicated results and paths from a custom data flow query

... ) ) and this.getCallable().hasName( log ) and this.hasName( data ) } } predicate strategylog(DataFlow::Node node1, DataFlow::Node node2) { exists(MethodAccess ma ...
acknowledged
Java
question
  • KiruaLawliet
  • 5
  • Opened 
    on Dec 18, 2021
  • #7449
Issue origami icon

Learn how you can use GitHub Issues to plan and track your work.

Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub Issues
ProTip! Restrict your search to the title by using the in:title qualifier.
Issue origami icon

Learn how you can use GitHub Issues to plan and track your work.

Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub Issues
ProTip! Restrict your search to the title by using the in:title qualifier.