Re-Add SensitiveResultReceiverConf as deprecated

Ed Minnix
2023-04-12 09:03:40 -04:00
parent 77b67cbf2e
commit 0a26916245


@@ -1,7 +1,8 @@
/** Definitions for the sensitive result receiver query. */ /** Definitions for the sensitive result receiver query. */
import java import java
import semmle.code.java.dataflow.TaintTracking2 import semmle.code.java.dataflow.TaintTracking
private import semmle.code.java.dataflow.TaintTracking2
import semmle.code.java.dataflow.FlowSources import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.SensitiveActions import semmle.code.java.security.SensitiveActions
@@ -31,6 +32,25 @@ private predicate untrustedResultReceiverSend(DataFlow::Node src, ResultReceiver
UntrustedResultReceiverFlow::flow(src, DataFlow::exprNode(call.getReceiver())) UntrustedResultReceiverFlow::flow(src, DataFlow::exprNode(call.getReceiver()))
} }
deprecated private class SensitiveResultReceiverConf extends TaintTracking::Configuration {
SensitiveResultReceiverConf() { this = "SensitiveResultReceiverConf" }
override predicate isSource(DataFlow::Node node) { node.asExpr() instanceof SensitiveExpr }
override predicate isSink(DataFlow::Node node) {
exists(ResultReceiverSendCall call |
untrustedResultReceiverSend(_, call) and
node.asExpr() = call.getSentData()
)
}
override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
super.allowImplicitRead(node, c)
or
this.isSink(node)
}
}
module SensitiveResultReceiverConfig implements DataFlow::ConfigSig { module SensitiveResultReceiverConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) { node.asExpr() instanceof SensitiveExpr } predicate isSource(DataFlow::Node node) { node.asExpr() instanceof SensitiveExpr }
@@ -54,13 +74,8 @@ module SensitiveResultReceiverFlow = TaintTracking::Global<SensitiveResultReceiv
deprecated predicate sensitiveResultReceiver( deprecated predicate sensitiveResultReceiver(
DataFlow::PathNode src, DataFlow::PathNode sink, DataFlow::Node recSrc DataFlow::PathNode src, DataFlow::PathNode sink, DataFlow::Node recSrc
) { ) {
exists( exists(ResultReceiverSendCall call |
ResultReceiverSendCall call, SensitiveResultReceiverFlow::PathNode srrSrc, any(SensitiveResultReceiverConf c).hasFlowPath(src, sink) and
SensitiveResultReceiverFlow::PathNode srrSink
|
src.getNode() = srrSrc.getNode() and sink.getNode() = srrSink.getNode()
|
SensitiveResultReceiverFlow::flowPath(srrSrc, srrSink) and
sink.getNode().asExpr() = call.getSentData() and sink.getNode().asExpr() = call.getSentData() and
untrustedResultReceiverSend(recSrc, call) untrustedResultReceiverSend(recSrc, call)
) )
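Review bot: The re-added `SensitiveResultReceiverConf` restates its source and sink definitions instead of reusing `SensitiveResultReceiverConfig`, so the deprecated `sensitiveResultReceiver` predicate and the `SensitiveResultReceiverFlow` module can drift apart if one definition is later tightened. Delegating keeps both paths reporting the same flows: `override predicate isSource(DataFlow::Node node) { SensitiveResultReceiverConfig::isSource(node) }` and `override predicate isSink(DataFlow::Node node) { SensitiveResultReceiverConfig::isSink(node) }`. The module's `isSink` lies between the hunks and is not shown here, so confirm it matches the `untrustedResultReceiverSend(_, call)` / `call.getSentData()` condition before switching. A QLDoc line on the class such as `/** DEPRECATED: Use SensitiveResultReceiverFlow instead. */` would also tell readers why it is kept. Separately, the now-private `TaintTracking2` import does not appear to be used by any visible line, so check whether it is still needed.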