hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-18 16:03:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

remove useless predicate

Browse Source 
add missed FlowState
This commit is contained in:
am0o0
2024-05-12 19:29:14 +02:00
parent 484923e706
commit 02b0b402d6
3 changed files with 13 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/experimental/Security/CWE/CWE-522-DecompressionBombs/DecompressionBomb.ql
View File

@@ -37,6 +37,8 @@ module DecompressionBombsConfig implements DataFlow::StateConfigSig {
state instanceof ApacheCommons
or
state instanceof XerialSnappy
or
state instanceof UtilZip
)
}

83
java/ql/src/experimental/semmle/code/java/security/DecompressionBomb.qll
View File

@@ -81,16 +81,11 @@ module XerialSnappy {
this.getReceiverType() instanceof TypeInputStream and
this.getCallee().hasName(["read", "readNBytes", "readAllBytes"])
}
/**
* A method Access as a sink which responsible for reading bytes
*/
MethodCall getAByteRead() { result = this }
}
class Sink extends DecompressionBomb::Sink {
override predicate sink(DataFlow::Node sink, DecompressionBomb::DecompressionState state) {
sink.asExpr() = any(ReadInputStreamCall r).getAByteRead() and
sink.asExpr() = any(ReadInputStreamCall r) and
state instanceof DecompressionBomb::XerialSnappy
}
}
@@ -203,16 +198,11 @@ module ApacheCommons {
this.getReceiverType() instanceof TypeCompressors and
this.getCallee().hasName(["read", "readNBytes", "readAllBytes"])
}
/**
* A method Access as a sink which responsible for reading bytes
*/
MethodCall getAByteRead() { result = this }
}
class Sink extends DecompressionBomb::Sink {
override predicate sink(DataFlow::Node sink, DecompressionBomb::DecompressionState state) {
sink.asExpr() = any(ReadInputStreamCall r).getAByteRead() and
sink.asExpr() = any(ReadInputStreamCall r) and
state instanceof DecompressionBomb::ApacheCommons
}
}
@@ -278,16 +268,11 @@ module ApacheCommons {
this.getReceiverType() instanceof TypeArchivers and
this.getCallee().hasName(["read", "readNBytes", "readAllBytes"])
}
/**
* A method Access as a sink which responsible for reading bytes
*/
MethodCall getAByteRead() { result = this }
}
class Sink extends DecompressionBomb::Sink {
override predicate sink(DataFlow::Node sink, DecompressionBomb::DecompressionState state) {
sink.asExpr() = any(ReadInputStreamCall r).getAByteRead() and
sink.asExpr() = any(ReadInputStreamCall r) and
state instanceof DecompressionBomb::ApacheCommons
}
}
@@ -367,16 +352,11 @@ module ApacheCommons {
) and
this.getCallee().hasName(["read", "readNBytes", "readAllBytes"])
}
/**
* A method Access as a sink which responsible for reading bytes
*/
MethodCall getAByteRead() { result = this }
}
class Sink extends DecompressionBomb::Sink {
override predicate sink(DataFlow::Node sink, DecompressionBomb::DecompressionState state) {
sink.asExpr() = any(ReadInputStreamCall r).getAByteRead() and
sink.asExpr() = any(ReadInputStreamCall r) and
state instanceof DecompressionBomb::ApacheCommons
}
}
@@ -404,16 +384,11 @@ module Zip4j {
this.getReceiverType() instanceof TypeZipInputStream and
this.getMethod().hasName(["read", "readNBytes", "readAllBytes"])
}
/**
* A method Access as a sink which responsible for reading bytes
*/
MethodCall getAByteRead() { result = this }
}
class Sink extends DecompressionBomb::Sink {
override predicate sink(DataFlow::Node sink, DecompressionBomb::DecompressionState state) {
sink.asExpr() = any(ReadInputStreamCall r).getAByteRead() and
sink.asExpr() = any(ReadInputStreamCall r) and
state instanceof DecompressionBomb::Zip4j
}
}
@@ -446,40 +421,6 @@ module Zip4j {
}
}
/**
* Providing sinks that can be related to reading uncontrolled buffer and bytes for `org.apache.commons.io` package
*/
module CommonsIO {
/**
* The Access to Methods which work with byes and inputStreams and buffers
*/
class IOUtils extends MethodCall {
IOUtils() {
this.getMethod()
.hasName([
"copy", "copyLarge", "read", "readFully", "readLines", "toBufferedInputStream",
"toByteArray", "toCharArray", "toString", "buffer"
]) and
this.getMethod().getDeclaringType().hasQualifiedName("org.apache.commons.io", "IOUtils")
}
}
class Sink extends DecompressionBomb::Sink {
override predicate sink(DataFlow::Node sink, DecompressionBomb::DecompressionState state) {
sink.asExpr() = any(IOUtils r).getArgument(0) and
(
state instanceof DecompressionBomb::Zip4j
or
state instanceof DecompressionBomb::Inflator
or
state instanceof DecompressionBomb::ApacheCommons
or
state instanceof DecompressionBomb::XerialSnappy
)
}
}
}
/**
* Providing Decompression sinks and additional taint steps for `java.util.zip` package
*/
@@ -503,16 +444,11 @@ module Zip {
this.getReceiverType() instanceof TypeInputStream and
this.getCallee().hasName(["read", "readNBytes", "readAllBytes"])
}
/**
* A method Access as a sink which responsible for reading bytes
*/
MethodCall getAByteRead() { result = this }
}
class ReadInputStreamSink extends DecompressionBomb::Sink {
override predicate sink(DataFlow::Node sink, DecompressionBomb::DecompressionState state) {
sink.asExpr() = any(ReadInputStreamCall r).getAByteRead() and
sink.asExpr() = any(ReadInputStreamCall r) and
state instanceof DecompressionBomb::UtilZip
}
}
@@ -602,16 +538,11 @@ module Zip {
this.getReceiverType() instanceof TypeInflator and
this.getCallee().hasName("inflate")
}
/**
* A method Access as a sink which responsible for reading bytes
*/
MethodCall getAByteRead() { result = this }
}
class InflateSink extends DecompressionBomb::Sink {
override predicate sink(DataFlow::Node sink, DecompressionBomb::DecompressionState state) {
sink.asExpr() = any(InflateCall r).getAByteRead() and
sink.asExpr() = any(InflateCall r) and
state instanceof DecompressionBomb::Inflator
}
}