forked from github/codeql
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathUntrustedDataToExternalAPI.ql
More file actions
25 lines (23 loc) · 919 Bytes
/
UntrustedDataToExternalAPI.ql
File metadata and controls
25 lines (23 loc) · 919 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
/**
* @name Untrusted data passed to external API
* @description Data provided remotely is used in this external API without sanitization, which could be a security risk.
* @id cs/untrusted-data-to-external-api
* @kind path-problem
* @precision low
* @problem.severity error
* @security-severity 7.8
* @tags security external/cwe/cwe-020
*/
import csharp
import semmle.code.csharp.commons.QualifiedName
import semmle.code.csharp.security.dataflow.ExternalAPIsQuery
import RemoteSourceToExternalApi::PathGraph
from
RemoteSourceToExternalApi::PathNode source, RemoteSourceToExternalApi::PathNode sink,
string qualifier, string name
where
RemoteSourceToExternalApi::flowPath(source, sink) and
sink.getNode().(ExternalApiDataNode).hasQualifiedName(qualifier, name)
select sink, source, sink,
"Call to " + getQualifiedName(qualifier, name) + " with untrusted data from $@.", source,
source.toString()