hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Decouple InsecureBasicAuth.qll to reuse the taint tracking configuration

Browse Source
This commit is contained in:
Tony Torralba
2021-07-20 11:05:28 +02:00
parent 90df3fa94c
commit 30178d4f23
4 changed files with 27 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql
View File

@@ -14,22 +14,9 @@
*/
import java
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.security.InsecureBasicAuth
import semmle.code.java.security.InsecureBasicAuthQuery
import DataFlow::PathGraph
class BasicAuthFlowConfig extends TaintTracking::Configuration {
BasicAuthFlowConfig() { this = "InsecureBasicAuth::BasicAuthFlowConfig" }
override predicate isSource(DataFlow::Node src) { src instanceof InsecureBasicAuthSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof InsecureBasicAuthSink }
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
any(InsecureBasicAuthAdditionalTaintStep c).step(node1, node2)
}
}
from DataFlow::PathNode source, DataFlow::PathNode sink, BasicAuthFlowConfig config
where config.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "Insecure basic authentication from $@.", source.getNode(),

2
java/ql/src/semmle/code/java/security/InsecureBasicAuth.qll
View File

@@ -30,7 +30,7 @@ private class DefaultInsecureBasicAuthSource extends InsecureBasicAuthSource {
}
/**
* A sink that represents a method that set Basic Authentication.
* A sink that represents a method that sets Basic Authentication.
* Extend this class to add your own Insecure Basic Authentication sinks.
*/
abstract class InsecureBasicAuthSink extends DataFlow::Node { }

21
java/ql/src/semmle/code/java/security/InsecureBasicAuthQuery.qll Normal file
View File

@@ -0,0 +1,21 @@
/** Provides taint tracking configurations to be used in Insecure Basic Authentication queries. */
import java
import semmle.code.java.security.InsecureBasicAuth
import semmle.code.java.dataflow.TaintTracking
/**
* A taint tracking configuration for the Basic authentication scheme
* being used in HTTP connections.
*/
class BasicAuthFlowConfig extends TaintTracking::Configuration {
BasicAuthFlowConfig() { this = "InsecureBasicAuth::BasicAuthFlowConfig" }
override predicate isSource(DataFlow::Node src) { src instanceof InsecureBasicAuthSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof InsecureBasicAuthSink }
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
any(InsecureBasicAuthAdditionalTaintStep c).step(node1, node2)
}
}