hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 04:39:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Generalize sanitizer using local flow

Browse Source
This commit is contained in:
Tony Torralba
2021-06-23 15:46:13 +02:00
parent 64518bf91a
commit 19d1a780ca
2 changed files with 16 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
java/ql/lib/semmle/code/java/security/UnsafeCertTrust.qll
View File

@@ -55,9 +55,10 @@ abstract class SslUnsafeCertTrustSanitizer extends DataFlow::Node { }
*/
private class SslConnectionWithSafeSslParameters extends SslUnsafeCertTrustSanitizer {
SslConnectionWithSafeSslParameters() {
exists(SafeSslParametersFlowConfig config, DataFlow::Node safe |
exists(SafeSslParametersFlowConfig config, DataFlow::Node safe, DataFlow::Node sanitizer |
config.hasFlowTo(safe) and
this = DataFlow::exprNode(safe.asExpr().(Argument).getCall().getQualifier())
sanitizer = DataFlow::exprNode(safe.asExpr().(Argument).getCall().getQualifier()) and
DataFlow::localFlow(sanitizer, this)
)
}
}
@@ -72,7 +73,7 @@ private class SslEngineServerMode extends SslUnsafeCertTrustSanitizer {
m.getDeclaringType().getASupertype*() instanceof SSLEngine and
ma.getMethod() = m and
ma.getArgument(0).(CompileTimeConstantExpr).getBooleanValue() = false and
this = DataFlow::exprNode(ma.getQualifier())
this.asExpr() = ma.getQualifier()
)
}
}