
Commit 40eef25

committed
use more specific Classes instead of Call
1 parent 591b1b4 commit 40eef25


1 file changed

+5
-10
lines changed


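--- a/java/ql/src/experimental/semmle/code/java/security/DecompressionBomb.qll
+++ b/java/ql/src/experimental/semmle/code/java/security/DecompressionBomb.qll
@@ -56,8 +56,7 @@ module XerialSnappy {
 */
 private class InputStreamAdditionalTaintStep extends DecompressionBomb::AdditionalStep {
 override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
-exists(Call call |
-// Constructors
+exists(ConstructorCall call |
 call.getCallee().getDeclaringType() instanceof TypeInputStream and
 call.getArgument(0) = n1.asExpr() and
 call = n2.asExpr()
@@ -153,8 +152,7 @@ module ApacheCommons {
 private class CompressorsAndArchiversAdditionalTaintStep extends DecompressionBomb::AdditionalStep
 {
 override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
-exists(Call call |
-// Constructors
+exists(ConstructorCall call |
 call.getCallee().getDeclaringType() instanceof TypeCompressors and
 call.getArgument(0) = n1.asExpr() and
 call = n2.asExpr()
@@ -207,8 +205,7 @@ module ApacheCommons {
 private class CompressorsAndArchiversAdditionalTaintStep extends DecompressionBomb::AdditionalStep
 {
 override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
-exists(Call call |
-// Constructors
+exists(ConstructorCall call |
 call.getCallee().getDeclaringType() instanceof TypeArchivers and
 call.getArgument(0) = n1.asExpr() and
 call = n2.asExpr()
@@ -247,8 +244,7 @@ module ApacheCommons {
 private class CompressorsAndArchiversAdditionalTaintStep extends DecompressionBomb::AdditionalStep
 {
 override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
-exists(Call call |
-// Constructors
+exists(MethodCall call |
 (
 call.getCallee().getDeclaringType() instanceof TypeCompressors
 or
@@ -309,8 +305,7 @@ module Zip4j {
 private class CompressorsAndArchiversAdditionalTaintStep extends DecompressionBomb::AdditionalStep
 {
 override predicate step(DataFlow::Node n1, DataFlow::Node n2) {
-exists(Call call |
-// Constructors
+exists(ConstructorCall call |
 call.getCallee().getDeclaringType() instanceof TypeZipInputStream and
 call.getArgument(0) = n1.asExpr() and
 call = n2.asExpr()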
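Review bot: The fourth hunk (ApacheCommons, new line 247) narrows the step to `MethodCall` while the other four hunks narrow to `ConstructorCall`, and the deleted `// Constructors` comment was the only statement of which kind of call each step is meant to cover. If the types matched in that hunk can also be instantiated directly around a tainted stream, those flows are no longer tracked and the decompression-bomb query would silently miss them; the rest of that predicate lies outside the hunk, so this cannot be confirmed from here. I would restore the intent as a comment above each `exists`, for example `// factory methods only: the stream is returned by a method of the factory type, not by a constructor` in the fourth hunk and `// constructors that wrap the tainted stream` in the others. It would also help to confirm that the query's test cases exercise both the constructor and the factory-method form, so that a later narrowing like this one shows up as a lost result.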
