File tree Expand file tree Collapse file tree 2 files changed +5
-5
lines changed
semmle/code/java/dataflow Expand file tree Collapse file tree 2 files changed +5
-5
lines changed Original file line number Diff line number Diff line change @@ -129,7 +129,7 @@ private class FlagToGuardFlow extends DataFlow::Configuration {
129129 override predicate isSink ( DataFlow:: Node sink ) { sink .asExpr ( ) instanceof Guard }
130130
131131 override predicate isAdditionalFlowStep ( DataFlow:: Node node1 , DataFlow:: Node node2 ) {
132- exists ( MethodAccess ma | ma .getMethod ( ) = any ( EnvTaintedMethod m ) |
132+ exists ( MethodAccess ma | ma .getMethod ( ) = any ( EnvReadMethod m ) |
133133 ma = node2 .asExpr ( ) and ma .getAnArgument ( ) = node1 .asExpr ( )
134134 )
135135 or
Original file line number Diff line number Diff line change @@ -226,7 +226,7 @@ class EnvInput extends LocalUserInput {
226226 )
227227 or
228228 // Results from various specific methods.
229- this .asExpr ( ) .( MethodAccess ) .getMethod ( ) instanceof EnvTaintedMethod
229+ this .asExpr ( ) .( MethodAccess ) .getMethod ( ) instanceof EnvReadMethod
230230 or
231231 // Access to `System.in`.
232232 exists ( Field f | this .asExpr ( ) = f .getAnAccess ( ) | f instanceof SystemIn )
@@ -292,9 +292,9 @@ private class SpringWebRequestGetMethod extends Method {
292292 }
293293}
294294
295- /** Models methods that are tainted by the environment of the user , such as `System.getProperty` or `System.getenv() `. */
296- class EnvTaintedMethod extends Method {
297- EnvTaintedMethod ( ) {
295+ /** A method that reads from the environment, such as `System.getProperty` or `System.getenv`. */
296+ class EnvReadMethod extends Method {
297+ EnvReadMethod ( ) {
298298 this instanceof MethodSystemGetenv or
299299 this instanceof PropertiesGetPropertyMethod or
300300 this instanceof MethodSystemGetProperty
You can’t perform that action at this time.
0 commit comments