Be precise when checking for Cipher.ENCRYPT_MODE

2026-02-09 19:51:07 +01:00 · 2021-08-14 12:18:02 +02:00
parent 4e69081c22
commit 11992404ec
1 changed files with 5 additions and 1 deletions
--- a/java/ql/src/experimental/semmle/code/java/security/StaticInitializationVectorQuery.qll
+++ b/java/ql/src/experimental/semmle/code/java/security/StaticInitializationVectorQuery.qll
@@ -102,7 +102,11 @@ private class EncryptionModeConfig extends TaintTracking2::Configuration {
  EncryptionModeConfig() { this = "EncryptionModeConfig" }

  override predicate isSource(DataFlow::Node source) {
-    source.asExpr().(VarAccess).getVariable().hasName("ENCRYPT_MODE")
+    source
+        .asExpr()
+        .(FieldRead)
+        .getField()
+        .hasQualifiedName("javax.crypto", "Cipher", "ENCRYPT_MODE")
  }

  override predicate isSink(DataFlow::Node sink) {