Apply suggestions from code review

This commit is contained in:
f1v3
2021-05-24 17:02:06 +08:00
committed by Chris Smowton
parent f3bde56de9
commit 168fc4170d
7 changed files with 81 additions and 36 deletions


@@ -14,6 +14,8 @@ import java
import semmle.code.java.dataflow.DataFlow
import HardcodedCredentials
import DataFlow::PathGraph
import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
class HardcodedCredentialApiCallConfiguration extends DataFlow::Configuration {
HardcodedCredentialApiCallConfiguration() { this = "HardcodedCredentialApiCallConfiguration" }
@@ -27,10 +29,10 @@ class HardcodedCredentialApiCallConfiguration extends DataFlow::Configuration {
override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
node1.asExpr().getType() instanceof TypeString and
exists(MethodAccess ma | ma.getMethod().hasName(["getBytes", "toCharArray","decode"]) |
(exists(MethodAccess ma | ma.getMethod().hasName(["getBytes", "toCharArray"]) |
node2.asExpr() = ma and
(ma.getQualifier() = node1.asExpr() or ma.getAnArgument() = node1.asExpr())
)
ma.getQualifier() = node1.asExpr()) or FlowSummaryImpl::Private::Steps::summaryThroughStep(node1, node2, false))
}
override predicate isBarrier(DataFlow::Node n) {
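Review bot: Dropping `decode` from the method list and the `ma.getAnArgument() = node1.asExpr()` case means a hardcoded string passed through a decoder (e.g. `Base64.getDecoder().decode(secret)`) now reaches a sink only if a flow summary exists for that decoder, and nothing in the hunk shows that `summaryThroughStep` covers the decoders the old predicate matched; please confirm, ideally with a test using a base64-encoded literal, or encoded hardcoded credentials silently become false negatives. The third argument `false` presumably selects the non-value-preserving (taint) summaries, which matters because this is a `DataFlow::Configuration` rather than a taint-tracking one; a comment such as `// taint-style summaries only; value-preserving ones are already part of default local flow` would make the intent explicit. Importing `semmle.code.java.dataflow.internal.FlowSummaryImpl` couples the query to an internal module with no stability guarantee, so a public API should be preferred if one exposes the same step. Stylistically the new line merges the close of `exists(...)`, the `or`, and the summary call; splitting it as `ma.getQualifier() = node1.asExpr()` / `) or` / `FlowSummaryImpl::Private::Steps::summaryThroughStep(node1, node2, false)` reads better. The enclosing class continues past the hunk.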


@@ -490,8 +490,7 @@ private predicate javaApiCallableCryptoKeyParam(string s) {
s = "sun.security.provider.JavaKeyStore;engineSetKeyEntry(String, byte[], Certificate[]);1" or
s = "sun.security.tools.keytool.Main;recoverKey(String, char[], char[]);2" or
s = "sun.security.tools.keytool.Main;getKeyPasswd(String, String, char[]);2" or
s = "sun.security.x509.X509Key;decode(byte[]);0" or
s = "org.apache.shiro.mgt.AbstractRememberMeManager;setCipherKey(byte[]);0"
s = "sun.security.x509.X509Key;decode(byte[]);0"
}
/**
@@ -514,5 +513,6 @@ private predicate otherApiCallableCredentialParam(string s) {
s = "com.amazonaws.auth.BasicAWSCredentials;BasicAWSCredentials(String, String);1" or
s = "com.azure.identity.UsernamePasswordCredentialBuilder;username(String);0" or
s = "com.azure.identity.UsernamePasswordCredentialBuilder;password(String);0" or
s = "com.azure.identity.ClientSecretCredentialBuilder;clientSecret(String);0"
s = "com.azure.identity.ClientSecretCredentialBuilder;clientSecret(String);0" or
s = "org.apache.shiro.mgt.AbstractRememberMeManager;setCipherKey(byte[]);0"
}
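Review bot: Every other entry visible in `otherApiCallableCredentialParam` takes a `String`, while the relocated Shiro entry `setCipherKey(byte[]);0` takes a `byte[]`; if the consumers of this predicate (outside the hunk) assume String-typed parameters, the Shiro sink is reachable only through a String-to-byte[] step such as `getBytes`, so confirm the query still reports `setCipherKey("...".getBytes())` after the move. The reason for moving the entry out of the crypto-key list, whose remaining visible entries are all `sun.*`, is not recorded; a short comment on the added line, e.g. `// third-party (Shiro) symmetric key, grouped with the other non-JDK credential params`, would save the next reader the same question. The body of `otherApiCallableCredentialParam` starts before the hunk.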