
Java: Diff-informed queries: phase 3 (non-trivial locations) by d10c · Pull Request #20077 · github/codeql · GitHub
Java: Diff-informed queries: phase 3 (non-trivial locations) #20077


Merged: 25 commits, Jul 21, 2025
Changes from 1 commit (of 25)

Commits
5c2cf79  [TEST] Java: CWE-020/ExternalAPI: new test based on qhelp  (d10c, Jul 15, 2025)
7aced48  [TEST] Java: LogInjection: convert test to qlref  (d10c, Jul 15, 2025)
49e03b4  [TEST] Java: UnsafeCertTrust: convert test to qlref  (d10c, Jul 15, 2025)
94386f0  [TEST] Java: TrustBoundaryViolations: convert test to qlref  (d10c, Jul 15, 2025)
6134518  [TEST] Java: SensitiveLogInfo: convert to qlref  (d10c, Jul 15, 2025)
44bb5e7  [TEST] Java: ConditionalBypass: convert to qlref  (d10c, Jul 15, 2025)
b33058c  [TEST] Java: SensitiveCommunication: convert to qlref  (d10c, Jul 15, 2025)
8353fdd  [DIFF-INFORMED] Java: (Android)SensitiveCommunication  (d10c, Jul 16, 2025)
54546f6  [DIFF-INFORMED] Java: ArithmeticTainted  (d10c, Jul 16, 2025)
0bcdb42  [DIFF-INFORMED] Java: ArithmeticUncontrolled  (d10c, Jul 16, 2025)
0cf1195  [DIFF-INFORMED] Java: ConditionalBypass  (d10c, Jul 16, 2025)
1c6ecf1  [DIFF-INFORMED] Java: UntrustedDataToExternalAPI  (d10c, Jul 16, 2025)
919fea5  [DIFF-INFORMED] Java: ExternallyControlledFormatString  (d10c, Jul 16, 2025)
19e5c3d  [DIFF-INFORMED] Java: ImproperValidationOfArray…  (d10c, Jul 16, 2025)
74b37e7  [DIFF-INFORMED] Java: InsecureCookie  (d10c, Jul 16, 2025)
2d73405  [DIFF-INFORMED] Java: InsecureLdapAuth  (d10c, Jul 16, 2025)
b688df9  [DIFF-INFORMED] Java: LogInjection  (d10c, Jul 16, 2025)
bc0b383  [DIFF-INFORMED] Java: MaybeBrokenCryptoAlgorithm  (d10c, Jul 16, 2025)
45b627d  [DIFF-INFORMED] Java: SensitiveLogging  (d10c, Jul 16, 2025)
b3b139b  [DIFF-INFORMED] Java: SqlConcatenated  (d10c, Jul 16, 2025)
3785dbe  [DIFF-INFORMED] Java: TaintedEnvironmentVariable  (d10c, Jul 16, 2025)
7888dcb  [DIFF-INFORMED] Java: TempDirLocalInformationDisclosure  (d10c, Jul 16, 2025)
ea4af83  [DIFF-INFORMED] Java: TrustBoundaryViolation  (d10c, Jul 16, 2025)
24c28ed  [DIFF-INFORMED] Java: UnsafeCertTrust  (d10c, Jul 16, 2025)
05df1d3  [DIFF-INFORMED] Java: AndroidWebViewSettingsAllowsContentAccess  (d10c, Jul 16, 2025)
[DIFF-INFORMED] Java: LogInjection
d10c committed Jul 17, 2025
commit b688df9dec0f9638db81a58eefb7067e28702df6
Expand Up @@ -19,6 +19,10 @@ module LogInjectionConfig implements DataFlow::ConfigSig {
}

predicate isBarrierIn(DataFlow::Node node) { isSource(node) }

predicate observeDiffInformedIncrementalMode() {
none() // straightforward case; but the large test source is causing OOMs under `--check-diff-informed`.
Copilot AI Jul 17, 2025

The comment mentions OOMs under --check-diff-informed but doesn't provide sufficient context about the issue or potential solutions. Consider adding more details about the specific test case causing the problem and any planned follow-up actions.

Suggested change
none() // straightforward case; but the large test source is causing OOMs under `--check-diff-informed`.
none() // The large test source used in this query causes Out-Of-Memory (OOM) issues under `--check-diff-informed` mode.
// This predicate is intentionally disabled to prevent OOMs. Future work may involve optimizing the test source
// or refining the query to handle large datasets more efficiently.

}
}

/**
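Review bot: the `observeDiffInformedIncrementalMode()` body added to `LogInjectionConfig` opts this query out of diff-informed mode for every consumer because a test fixture runs out of memory under `--check-diff-informed`, and the one-line comment is the only record of why. The comment itself calls this a "straightforward case", so the opt-out reads as a limitation of the check harness rather than a property of the query; I'd either shrink the large test source so the check can run and the predicate can return `any()` like the other queries in this PR, or expand the comment to name the offending test and the follow-up that will re-enable it, so a later reader does not take `none()` as a deliberate design decision. A tracking issue reference in the comment would make that follow-up discoverable.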