remove sanitiserGuards

github · Mar 18, 2021 · a88c368 · a88c368
1 parent 84c9137
commit a88c368
Showing 1 changed file with 0 additions and 29 deletions.
diff --git a/java/ql/src/experimental/Security/CWE/CWE-117/LogInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-117/LogInjection.ql
@@ -30,35 +30,6 @@ private class LogInjectionConfiguration extends TaintTracking::Configuration {
   override predicate isSanitizer(DataFlow::Node node) {
     node.getType() instanceof BoxedType or node.getType() instanceof PrimitiveType
   }
-
-  override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
-    guard instanceof StrCheckSanitizerGuard
-  }
-}
-
-/**
- * Models any regex or equality check as a sanitizer guard.
- * Assumes any check on the taint to be a valid sanitizing check.
- */
-private class StrCheckSanitizerGuard extends DataFlow::BarrierGuard {
-  StrCheckSanitizerGuard() {
-    exists(Method m |
-      m.getDeclaringType().hasQualifiedName("java.util.regex", "Pattern") and
-      m.hasName("matches")
-      or
-      m.getDeclaringType() instanceof TypeString and
-      m.hasName([
-          "startsWith", "regionMatches", "matches", "equals", "equalsIgnoreCase", "endsWith",
-          "contentEquals", "contains"
-        ])
-    |
-      m.getAReference() = this
-    )
-  }
-
-  override predicate checks(Expr e, boolean branch) {
-    e = this.(MethodAccess).getQualifier() and branch = true
-  }
 }
 
 from LogInjectionConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink