Update 1.ql

alex123-star · web-flow · commit 54e4d7c6db86 · 2024-10-25T13:06:31.000+08:00
diff --git a/.github/codeql/queries/javascript/security/1.ql b/.github/codeql/queries/javascript/security/1.ql
@@ -1 +1,8 @@
-123
+// CodeQL 示例：查询具有特定特征的变量
+import java
+from MethodAccess  ma, Method m
+where
+m = ma.getMethod () and
+m.getName().regexpMatch("equals |getResourceAsStream|getResourceAsStream|getSyste")
+not m.getDeclaringType() -getName() matches ("SecureUtil WhiteListedClass")
+select ma, "Risky method" + m. getName()
