Refactor to use ConditionalBypassQuery.qll

Tony Torralba
2021-09-02 13:53:35 +02:00
parent a484e9fb06
commit 1f7990d6bb
2 changed files with 34 additions and 25 deletions


@@ -13,33 +13,10 @@
*/
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.SensitiveActions
import semmle.code.java.controlflow.Dominance
import semmle.code.java.controlflow.Guards
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.security.ConditionalBypassQuery
import DataFlow::PathGraph
/**
* Calls to a sensitive method that are controlled by a condition
* on the given expression.
*/
predicate conditionControlsMethod(MethodAccess m, Expr e) {
exists(ConditionBlock cb, SensitiveExecutionMethod def, boolean cond |
cb.controls(m.getBasicBlock(), cond) and
def = m.getMethod() and
not cb.controls(def.getAReference().getBasicBlock(), cond.booleanNot()) and
e = cb.getCondition()
)
}
class ConditionalBypassFlowConfig extends TaintTracking::Configuration {
ConditionalBypassFlowConfig() { this = "ConditionalBypassFlowConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { conditionControlsMethod(_, sink.asExpr()) }
}
from
DataFlow::PathNode source, DataFlow::PathNode sink, MethodAccess m, Expr e,
ConditionalBypassFlowConfig conf