hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rust: Minor corrections.

Browse Source
This commit is contained in:
Geoffrey White
2025-11-12 19:26:45 +00:00
parent 7a62642ed7
commit 0675a29ae6
4 changed files with 10 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
rust/ql/lib/codeql/rust/security/DisabledCertificateCheckExtensions.qll
View File

@@ -21,7 +21,7 @@ module DisabledCertificateCheckExtensions {
}
/**
* A default sink for disabled certificate check based on function names.
* A default sink for disabled certificate check vulnerabilities based on function names.
*/
private class DefaultSink extends Sink {
DefaultSink() {
@@ -34,7 +34,7 @@ module DisabledCertificateCheckExtensions {
}
/**
* A sink for disabled certificate check from model data.
* A sink for disabled certificate check vulnerabilities from model data.
*/
private class ModelsAsDataSink extends Sink {
ModelsAsDataSink() { sinkNode(this, "disable-certificate") }

2
rust/ql/src/change-notes/2025-11-12-disabled-certificate-check.md
View File

@@ -1,4 +1,4 @@
---
category: newQuery
---
* Added a new query `rust/disabled-certificate-check, to detect disabled TLS certificate checks.
* Added a new query `rust/disabled-certificate-check`, to detect disabled TLS certificate checks.

2
rust/ql/src/queries/security/CWE-295/DisabledCertificateCheck.qhelp
View File

@@ -11,7 +11,7 @@ The <code>danger_accept_invalid_certs</code> and <code>danger_accept_invalid_hos
<recommendation>
<p>
Do not set <code>danger_accept_invalid_certs</code> or <code>danger_accept_invalid_hostnames</code> to <code>true</code> except in controlled environments such as tests. In production, always ensure certificate and hostname verification are enabled to prevent security risks.
Do not set <code>danger_accept_invalid_certs</code> or <code>danger_accept_invalid_hostnames</code> to <code>true</code>, except in controlled environments such as tests. In production, always ensure certificate and hostname verification are enabled to prevent security risks.
</p>
</recommendation>

13
rust/ql/src/queries/security/CWE-295/DisabledCertificateCheck.ql
View File

@@ -16,9 +16,9 @@ import codeql.rust.dataflow.DataFlow
import codeql.rust.security.DisabledCertificateCheckExtensions
/**
* A taint configuration for disabling TLS certificate checks.
* A taint configuration for disabled TLS certificate checks.
*/
module LogInjectionConfig implements DataFlow::ConfigSig {
module DisabledCertificateCheckConfig implements DataFlow::ConfigSig {
import DisabledCertificateCheckExtensions
predicate isSource(DataFlow::Node node) {
@@ -30,13 +30,12 @@ module LogInjectionConfig implements DataFlow::ConfigSig {
predicate observeDiffInformedIncrementalMode() { any() }
}
module DisabledCertificateCheckExtensionFlow = DataFlow::Global<LogInjectionConfig>;
module DisabledCertificateCheckFlow = DataFlow::Global<DisabledCertificateCheckConfig>;
import DisabledCertificateCheckExtensionFlow::PathGraph
import DisabledCertificateCheckFlow::PathGraph
from
DisabledCertificateCheckExtensionFlow::PathNode sourceNode,
DisabledCertificateCheckExtensionFlow::PathNode sinkNode
where DisabledCertificateCheckExtensionFlow::flowPath(sourceNode, sinkNode)
DisabledCertificateCheckFlow::PathNode sourceNode, DisabledCertificateCheckFlow::PathNode sinkNode
where DisabledCertificateCheckFlow::flowPath(sourceNode, sinkNode)
select sinkNode.getNode(), sourceNode, sinkNode,
"Disabling TLS certificate validation can expose the application to man-in-the-middle attacks."