hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Minor changes in QLDocs and a sanitizer's type

Browse Source
This commit is contained in:
Tony Torralba
2021-06-22 09:31:47 +02:00
parent 4313baf622
commit 02d0fa9188
2 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
java/ql/lib/semmle/code/java/security/UnsafeCertTrust.qll
View File

@@ -8,6 +8,7 @@ private import semmle.code.java.dataflow.DataFlow2
/**
* The creation of an object that prepares an SSL connection.
* This is a source for `SslEndpointIdentificationFlowConfig`.
*/
class SslConnectionInit extends DataFlow::Node {
SslConnectionInit() {
@@ -18,6 +19,7 @@ class SslConnectionInit extends DataFlow::Node {
/**
* A call to a method that establishes an SSL connection.
* This is a sink for `SslEndpointIdentificationFlowConfig`.
*/
class SslConnectionCreation extends DataFlow::Node {
SslConnectionCreation() {
@@ -41,12 +43,14 @@ class SslConnectionCreation extends DataFlow::Node {
}
/**
* An SSL object that was assigned a safe `SSLParameters` object an can be considered safe.
* An SSL object that was assigned a safe `SSLParameters` object and can be considered safe.
* This is a sanitizer for `SslEndpointIdentificationFlowConfig`.
*/
class SslConnectionWithSafeSslParameters extends Expr {
class SslConnectionWithSafeSslParameters extends DataFlow::Node {
SslConnectionWithSafeSslParameters() {
exists(SafeSslParametersFlowConfig config, DataFlow::Node safe |
config.hasFlowTo(safe) and this = safe.asExpr().(Argument).getCall().getQualifier()
config.hasFlowTo(safe) and
this = DataFlow::exprNode(safe.asExpr().(Argument).getCall().getQualifier())
)
}
}

2
java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql
View File

@@ -23,7 +23,7 @@ class SslEndpointIdentificationFlowConfig extends TaintTracking::Configuration {
override predicate isSink(DataFlow::Node sink) { sink instanceof SslConnectionCreation }
override predicate isSanitizer(DataFlow::Node sanitizer) {
sanitizer.asExpr() instanceof SslConnectionWithSafeSslParameters
sanitizer instanceof SslConnectionWithSafeSslParameters
}
}