Closed github-actions[bot] closed 1 year ago
Results were truncated due to issue comment size limits. Showing 77 out of 956 results.
sink node | source | sink | message | source node | label |
---|---|---|---|---|---|
... + ... | dbName : String | ... + ... | $@ flows to log entry. | dbName | User-provided value |
... + ... | wildcard : String | ... + ... | $@ flows to log entry. | wildcard | User-provided value |
... + ... | exclude : String | ... + ... | $@ flows to log entry. | exclude | User-provided value |
format(...) | dbName : String | format(...) | $@ flows to log entry. | dbName | User-provided value |
format(...) | srcIp : String | format(...) | $@ flows to log entry. | srcIp | User-provided value |
format(...) | wildcard : String | format(...) | $@ flows to log entry. | wildcard | User-provided value |
format(...) | srcIp : String | format(...) | $@ flows to log entry. | srcIp | User-provided value |
format(...) | metric : String | format(...) | $@ flows to log entry. | metric | User-provided value |
format(...) | name : String | format(...) | $@ flows to log entry. | name | User-provided value |
format(...) | name : String | format(...) | $@ flows to log entry. | name | User-provided value |
format(...) | name : String | format(...) | $@ flows to log entry. | name | User-provided value |
format(...) | name : String | format(...) | $@ flows to log entry. | name | User-provided value |
format(...) | metricName : String | format(...) | $@ flows to log entry. | metricName | User-provided value |
format(...) | metricName : String | format(...) | $@ flows to log entry. | metricName | User-provided value |
format(...) | startName : String | format(...) | $@ flows to log entry. | startName | User-provided value |
format(...) | name : String | format(...) | $@ flows to log entry. | name | User-provided value |
format(...) | name : String | format(...) | $@ flows to log entry. | name | User-provided value |
format(...) | metric : String | format(...) | $@ flows to log entry. | metric | User-provided value |
msg | getParameter(...) : String | msg | $@ flows to log entry. | getParameter(...) | User-provided value |
msg | getParameter(...) : String | msg | $@ flows to log entry. | getParameter(...) | User-provided value |
msg | pattern : String | msg | $@ flows to log entry. | pattern | User-provided value |
msg | pattern : String | msg | $@ flows to log entry. | pattern | User-provided value |
... + ... | getParameter(...) : String | ... + ... | $@ flows to log entry. | getParameter(...) | User-provided value |
... + ... | getParameter(...) : String | ... + ... | $@ flows to log entry. | getParameter(...) | User-provided value |
... + ... | pattern : String | ... + ... | $@ flows to log entry. | pattern | User-provided value |
... + ... | pattern : String | ... + ... | $@ flows to log entry. | pattern | User-provided value |
msg | name : String | msg | $@ flows to log entry. | name | User-provided value |
msg | name : String | msg | $@ flows to log entry. | name | User-provided value |
format(...) | metric : String | format(...) | $@ flows to log entry. | metric | User-provided value |
format(...) | metric : String | format(...) | $@ flows to log entry. | metric | User-provided value |
errMessage | postForEntity(...) : ResponseEntity | errMessage | $@ flows to log entry. | postForEntity(...) | User-provided value |
errMessage | postForEntity(...) : ResponseEntity | errMessage | $@ flows to log entry. | postForEntity(...) | User-provided value |
msg | getParameter(...) : String | msg | $@ flows to log entry. | getParameter(...) | User-provided value |
msg | getParameter(...) : String | msg | $@ flows to log entry. | getParameter(...) | User-provided value |
sink node | source | sink | message | source node | label |
---|---|---|---|---|---|
clientIp | getHeader(...) : String | clientIp | $@ flows to log entry. | getHeader(...) | User-provided value |
clientIp | getHeader(...) : String | clientIp | $@ flows to log entry. | getHeader(...) | User-provided value |
metaDataDTO | metaDataDTO : MetaDataDTO | metaDataDTO | $@ flows to log entry. | metaDataDTO | User-provided value |
tokenValue | getHeader(...) : String | tokenValue | $@ flows to log entry. | getHeader(...) | User-provided value |
metaData | metaData : MetaData | metaData | $@ flows to log entry. | metaData | User-provided value |
metaData | metaData : MetaData | metaData | $@ flows to log entry. | metaData | User-provided value |
metaData | metaData : MetaData | metaData | $@ flows to log entry. | metaData | User-provided value |
metaData | metaData : MetaData | metaData | $@ flows to log entry. | metaData | User-provided value |
json | exchange(...) : ResponseEntity | json | $@ flows to log entry. | exchange(...) | User-provided value |
json | postForEntity(...) : ResponseEntity | json | $@ flows to log entry. | postForEntity(...) | User-provided value |
name | name : String | name | $@ flows to log entry. | name | User-provided value |
getName(...) | pluginData : PluginData | getName(...) | $@ flows to log entry. | pluginData | User-provided value |
name | name : String | name | $@ flows to log entry. | name | User-provided value |
sink node | source | sink | message | source node | label |
---|---|---|---|---|---|
params | cluster : String | params | $@ flows to log entry. | cluster | User-provided value |
params | params : ScaleClusterParamsModel | params | $@ flows to log entry. | params | User-provided value |
result | getEntityStream(...) : InputStream | result | $@ flows to log entry. | getEntityStream(...) | User-provided value |
msg | getUriInfo(...) : UriInfo | msg | $@ flows to log entry. | getUriInfo(...) | User-provided value |
msg | getUriInfo(...) : UriInfo | msg | $@ flows to log entry. | getUriInfo(...) | User-provided value |
msg | getEntityStream(...) : InputStream | msg | $@ flows to log entry. | getEntityStream(...) | User-provided value |
sink node | source | sink | message | source node | label |
---|---|---|---|---|---|
message | user : Person | message | $@ flows to log entry. | user | User-provided value |
message | user : Person | message | $@ flows to log entry. | user | User-provided value |
message | user : Person | message | $@ flows to log entry. | user | User-provided value |
message | user : Person | message | $@ flows to log entry. | user | User-provided value |
message | user : Person | message | $@ flows to log entry. | user | User-provided value |
sink node | source | sink | message | source node | label |
---|---|---|---|---|---|
... + ... | getIntent(...) : Intent | ... + ... | $@ flows to log entry. | getIntent(...) | User-provided value |
... + ... | intent : Intent | ... + ... | $@ flows to log entry. | intent | User-provided value |
Query
```ql
/**
 * @name Log Injection
 * @description Building log entries from user-controlled data is vulnerable to
 *              insertion of forged log entries by a malicious user.
 * @kind path-problem
 * @problem.severity error
 * @precision high
 * @id java/log-injection
 * @tags security
 *       external/cwe/cwe-117
 */

import java
import DataFlow::PathGraph
import experimental.semmle.code.java.Logging
import semmle.code.java.dataflow.FlowSources

/**
 * A taint-tracking configuration for tracking untrusted user input used in log entries.
 */
private class LogInjectionConfiguration extends TaintTracking::Configuration {
  LogInjectionConfiguration() { this = "Log Injection" }

  // Sources: any remote (user-controlled) input, e.g. request parameters and headers.
  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

  // Sinks: every argument passed to a recognised logging call.
  override predicate isSink(DataFlow::Node sink) {
    sink.asExpr() = any(LoggingCall c).getALogArgument()
  }

  // Boxed and primitive values cannot carry injected text, so they stop the flow.
  override predicate isSanitizer(DataFlow::Node node) {
    node.getType() instanceof BoxedType or node.getType() instanceof PrimitiveType
  }
}

from LogInjectionConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "$@ flows to log entry.", source.getNode(),
  "User-provided value"
```