Open github-actions[bot] opened 2 years ago
Results were truncated due to issue comment size limits. Showing 77 out of 956 results.
sink node | source | sink | message | source node | placeholder label |
---|---|---|---|---|---|
... + ... | dbName : String | ... + ... | $@ flows to log entry. | dbName | User-provided value |
... + ... | wildcard : String | ... + ... | $@ flows to log entry. | wildcard | User-provided value |
... + ... | exclude : String | ... + ... | $@ flows to log entry. | exclude | User-provided value |
format(...) | dbName : String | format(...) | $@ flows to log entry. | dbName | User-provided value |
format(...) | srcIp : String | format(...) | $@ flows to log entry. | srcIp | User-provided value |
format(...) | wildcard : String | format(...) | $@ flows to log entry. | wildcard | User-provided value |
format(...) | srcIp : String | format(...) | $@ flows to log entry. | srcIp | User-provided value |
format(...) | metric : String | format(...) | $@ flows to log entry. | metric | User-provided value |
format(...) | name : String | format(...) | $@ flows to log entry. | name | User-provided value |
format(...) | name : String | format(...) | $@ flows to log entry. | name | User-provided value |
format(...) | name : String | format(...) | $@ flows to log entry. | name | User-provided value |
format(...) | name : String | format(...) | $@ flows to log entry. | name | User-provided value |
format(...) | metricName : String | format(...) | $@ flows to log entry. | metricName | User-provided value |
format(...) | metricName : String | format(...) | $@ flows to log entry. | metricName | User-provided value |
format(...) | startName : String | format(...) | $@ flows to log entry. | startName | User-provided value |
format(...) | name : String | format(...) | $@ flows to log entry. | name | User-provided value |
format(...) | name : String | format(...) | $@ flows to log entry. | name | User-provided value |
msg | getParameter(...) : String | msg | $@ flows to log entry. | getParameter(...) | User-provided value |
msg | getParameter(...) : String | msg | $@ flows to log entry. | getParameter(...) | User-provided value |
msg | pattern : String | msg | $@ flows to log entry. | pattern | User-provided value |
msg | pattern : String | msg | $@ flows to log entry. | pattern | User-provided value |
... + ... | getParameter(...) : String | ... + ... | $@ flows to log entry. | getParameter(...) | User-provided value |
... + ... | getParameter(...) : String | ... + ... | $@ flows to log entry. | getParameter(...) | User-provided value |
... + ... | pattern : String | ... + ... | $@ flows to log entry. | pattern | User-provided value |
... + ... | pattern : String | ... + ... | $@ flows to log entry. | pattern | User-provided value |
format(...) | metric : String | format(...) | $@ flows to log entry. | metric | User-provided value |
format(...) | metric : String | format(...) | $@ flows to log entry. | metric | User-provided value |
format(...) | metric : String | format(...) | $@ flows to log entry. | metric | User-provided value |
msg | name : String | msg | $@ flows to log entry. | name | User-provided value |
msg | name : String | msg | $@ flows to log entry. | name | User-provided value |
errMessage | postForEntity(...) : ResponseEntity | errMessage | $@ flows to log entry. | postForEntity(...) | User-provided value |
errMessage | postForEntity(...) : ResponseEntity | errMessage | $@ flows to log entry. | postForEntity(...) | User-provided value |
msg | getParameter(...) : String | msg | $@ flows to log entry. | getParameter(...) | User-provided value |
msg | getParameter(...) : String | msg | $@ flows to log entry. | getParameter(...) | User-provided value |
sink node | source | sink | message | source node | placeholder label |
---|---|---|---|---|---|
params | cluster : String | params | $@ flows to log entry. | cluster | User-provided value |
params | params : ScaleClusterParamsModel | params | $@ flows to log entry. | params | User-provided value |
result | getEntityStream(...) : InputStream | result | $@ flows to log entry. | getEntityStream(...) | User-provided value |
msg | getUriInfo(...) : UriInfo | msg | $@ flows to log entry. | getUriInfo(...) | User-provided value |
msg | getEntityStream(...) : InputStream | msg | $@ flows to log entry. | getEntityStream(...) | User-provided value |
msg | getUriInfo(...) : UriInfo | msg | $@ flows to log entry. | getUriInfo(...) | User-provided value |
sink node | source | sink | message | source node | placeholder label |
---|---|---|---|---|---|
... + ... | getInputStream(...) : InputStream | ... + ... | $@ flows to log entry. | getInputStream(...) | User-provided value |
... + ... | getInputStream(...) : InputStream | ... + ... | $@ flows to log entry. | getInputStream(...) | User-provided value |
... + ... | getInputStream(...) : InputStream | ... + ... | $@ flows to log entry. | getInputStream(...) | User-provided value |
... + ... | getInputStream(...) : InputStream | ... + ... | $@ flows to log entry. | getInputStream(...) | User-provided value |
... + ... | getInputStream(...) : InputStream | ... + ... | $@ flows to log entry. | getInputStream(...) | User-provided value |
... + ... | getInputStream(...) : InputStream | ... + ... | $@ flows to log entry. | getInputStream(...) | User-provided value |
sink node | source | sink | message | source node | placeholder label |
---|---|---|---|---|---|
message | user : Person | message | $@ flows to log entry. | user | User-provided value |
message | user : Person | message | $@ flows to log entry. | user | User-provided value |
message | user : Person | message | $@ flows to log entry. | user | User-provided value |
message | user : Person | message | $@ flows to log entry. | user | User-provided value |
message | user : Person | message | $@ flows to log entry. | user | User-provided value |
sink node | source | sink | message | source node | placeholder label |
---|---|---|---|---|---|
... + ... | getIntent(...) : Intent | ... + ... | $@ flows to log entry. | getIntent(...) | User-provided value |
... + ... | intent : Intent | ... + ... | $@ flows to log entry. | intent | User-provided value |
Query
```ql
/**
 * @name Log Injection
 * @description Building log entries from user-controlled data is vulnerable to
 *              insertion of forged log entries by a malicious user.
 * @kind path-problem
 * @problem.severity error
 * @precision high
 * @id java/log-injection
 * @tags security
 *       external/cwe/cwe-117
 */

import java
import DataFlow::PathGraph
import experimental.semmle.code.java.Logging
import semmle.code.java.dataflow.FlowSources

/**
 * A taint-tracking configuration for tracking untrusted user input used in log entries.
 */
private class LogInjectionConfiguration extends TaintTracking::Configuration {
  LogInjectionConfiguration() { this = "Log Injection" }

  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

  override predicate isSink(DataFlow::Node sink) {
    sink.asExpr() = any(LoggingCall c).getALogArgument()
  }

  override predicate isSanitizer(DataFlow::Node node) {
    node.getType() instanceof BoxedType or node.getType() instanceof PrimitiveType
  }
}

from LogInjectionConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "$@ flows to log entry.", source.getNode(),
  "User-provided value"
```

Results