codeql vscode plugin show result in #select page but not alert page #7505
Environment: database of project A: compiled from openjdk8u, which is a huge Java project (about 18,800+ Java files). After successfully compiling, I checked the database directory of project B and saw all source files of three projects included in the src.zip file.

Result of project A: this result is exactly what I want.

Result of project B: All path nodes in the result shown above are from project A. Thus, it should come out to share the same part of query result, just one result in don't know why, here is my simplified query script which got

```ql
/**
 * @kind path-problem
 */

import java
import semmle.code.java.dataflow.TaintTracking
import DataFlow::PathGraph

class DeserialFlowConfig extends TaintTracking::Configuration {
  DeserialFlowConfig() { this = "DeserialFlowConfig" }

  // Source: the first parameter (position 0) of java.util.HashMap.hash
  override predicate isSource(DataFlow::Node node) {
    node.asParameter().getCallable().hasQualifiedName("java.util", "HashMap", "hash") and
    node.asParameter().getPosition() = 0
  }

  // Sink: an argument of a hashCode call made from inside a hashCode method,
  // where the called method is declared in java.net.URLStreamHandler
  override predicate isSink(DataFlow::Node node) {
    exists(MethodAccess ma |
      ma.getMethod().hasName("hashCode") and
      ma.getEnclosingCallable().hasName("hashCode") and
      ma.getAnArgument() = node.asExpr() and
      ma.getMethod().getDeclaringType().hasQualifiedName("java.net", "URLStreamHandler")
    )
  }
}

from DeserialFlowConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
where config.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "RESULT"
```
Responded at github/securitylab#516
Responded at github/securitylab#516