CodeQL library for Java/Kotlin
codeql/java-all 0.9.2-dev (changelog, source)

Module TempDirSystemGetPropertyDirectlyToMkdirConfig

Configuration that tracks calls to mkdir or mkdirs that are made directly on the temp directory system property. Examples:

  • File tempDir = new File(System.getProperty("java.io.tmpdir")); tempDir.mkdir();
  • File tempDir = new File(System.getProperty("java.io.tmpdir")); tempDir.mkdirs();

These are examples of code that is simply verifying that the temp directory exists. As such, this code pattern is filtered out as an explicit vulnerability in TempDirSystemGetPropertyToCreateConfig::isSink.
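
The distinction, as an added Java example (not part of the CodeQL library; the class and method names are hypothetical): the first method is the existence check this configuration tracks, the second creates a new child directory under the shared temp directory, and the third is a hardened alternative.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class TempDirPatterns {

    // The pattern this configuration tracks: mkdir() is called on the temp
    // directory itself. It only makes sure the directory exists; nothing new
    // is created inside it, so no private data ends up in a shared location.
    static File ensureTempDirExists() {
        File tempDir = new File(System.getProperty("java.io.tmpdir"));
        tempDir.mkdir(); // returns false when the directory already exists
        return tempDir;
    }

    // Contrast: a new child directory under the shared temp directory.
    // File.mkdir() applies default permissions (subject to the process umask),
    // so on a multi-user system other local users may be able to list or read
    // what is written there.
    static File createSharedChild(String name) {
        File child = new File(System.getProperty("java.io.tmpdir"), name);
        child.mkdir();
        return child;
    }

    // Hardened form: Files.createTempDirectory picks an unpredictable name and,
    // on POSIX file systems, creates the directory with owner-only permissions.
    static Path createPrivateChild(String prefix) throws IOException {
        return Files.createTempDirectory(prefix);
    }

    public static void main(String[] args) throws IOException {
        File base = ensureTempDirExists();
        File shared = createSharedChild("example-shared-dir"); // constructed name
        Path secure = createPrivateChild("example-private-");   // constructed prefix

        System.out.println("temp dir exists: " + base.isDirectory());
        System.out.println("shared child:    " + shared);
        System.out.println("private child:   " + secure);

        // Clean up the directories this example created.
        shared.delete();
        Files.deleteIfExists(secure);
    }
}
```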

Import path

import semmle.code.java.security.TempDirLocalInformationDisclosureQuery

Predicates

isBarrier

Holds if data flow through node is prohibited. This completely removes node from the data flow graph.

isSink

Holds if sink is a relevant data flow sink.

isSource

Holds if source is a relevant data flow source.