diff --git a/java-debug-pack/source-and-sink-counts/java__non_https_url/query.ql b/java-debug-pack/source-and-sink-counts/java__non_https_url/query.ql index 4b443bc..9c7668a 100644 --- a/java-debug-pack/source-and-sink-counts/java__non_https_url/query.ql +++ b/java-debug-pack/source-and-sink-counts/java__non_https_url/query.ql @@ -44,7 +44,7 @@ class HTTPStringToURLOpenMethodFlowConfig extends TaintTracking::Configuration { override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { exists(UrlConstructorCall u | - node1.asExpr() = u.protocolArg() and + node1.asExpr() = u.getProtocolArg() and node2.asExpr() = u ) } diff --git a/java-debug-pack/source-and-sink-counts/java__unsafe_deserialization/query.ql b/java-debug-pack/source-and-sink-counts/java__unsafe_deserialization/query.ql index 58b7d82..c7067c4 100644 --- a/java-debug-pack/source-and-sink-counts/java__unsafe_deserialization/query.ql +++ b/java-debug-pack/source-and-sink-counts/java__unsafe_deserialization/query.ql @@ -2,16 +2,10 @@ import java import semmle.code.java.dataflow.FlowSources -import semmle.code.java.security.UnsafeDeserialization +import semmle.code.java.security.UnsafeDeserializationQuery -class UnsafeDeserializationConfig extends TaintTracking::Configuration { - UnsafeDeserializationConfig() { this = "UnsafeDeserializationConfig" } - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeDeserializationSink } -} from string type, int amount where exists(string qid | qid = "java/unsafe-deserialization" and ( diff --git a/java-debug-pack/sources-and-sinks/java__non_https_url/query.ql b/java-debug-pack/sources-and-sinks/java__non_https_url/query.ql index cf4a0ab..47838f6 100644 --- a/java-debug-pack/sources-and-sinks/java__non_https_url/query.ql +++ b/java-debug-pack/sources-and-sinks/java__non_https_url/query.ql @@ -51,7 +51,7 @@ class HTTPStringToURLOpenMethodFlowConfig extends TaintTracking::Configuration { override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { exists(UrlConstructorCall u | - node1.asExpr() = u.protocolArg() and + node1.asExpr() = u.getProtocolArg() and node2.asExpr() = u ) } diff --git a/java-debug-pack/sources-and-sinks/java__unsafe_deserialization/query.ql b/java-debug-pack/sources-and-sinks/java__unsafe_deserialization/query.ql index 02c3ee6..c573b62 100644 --- a/java-debug-pack/sources-and-sinks/java__unsafe_deserialization/query.ql +++ b/java-debug-pack/sources-and-sinks/java__unsafe_deserialization/query.ql @@ -9,16 +9,10 @@ import java import semmle.code.java.dataflow.FlowSources -import semmle.code.java.security.UnsafeDeserialization +import semmle.code.java.security.UnsafeDeserializationQuery -class UnsafeDeserializationConfig extends TaintTracking::Configuration { - UnsafeDeserializationConfig() { this = "UnsafeDeserializationConfig" } - override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeDeserializationSink } -} from DataFlow::Node n, string type where exists(string qid | qid = "java/unsafe-deserialization" and ( diff --git a/process.py b/process.py index eadeddf..b208eca 100644 --- a/process.py +++ b/process.py @@ -75,6 +75,7 @@ def get(array, i, default): def codeql(*args): args = [codeql_executable] + list(args) print(' '.join(args), flush=True) + output = None try: output = subprocess.run( args, @@ -85,7 +86,8 @@ def codeql(*args): except subprocess.CalledProcessError as cpe: print('Command failed with exit code: ' + str(cpe.returncode)) print('stdout:') - print(cpe.output.decode()) + output = cpe.output + print(output.decode()) print('stderr:') print(cpe.stderr.decode(), flush=True) raise