Java: Deprecate the content of ImproperValidationOrArray and remove local query variants.

Michael Nebel
2024-04-30 15:28:26 +02:00
parent acd0fa4b7b
commit 301a6cc191
14 changed files with 22 additions and 72 deletions


@@ -7,7 +7,7 @@ private import semmle.code.java.dataflow.FlowSources
/**
* A taint-tracking configuration to reason about improper validation of local user-provided size used for array construction.
*/
module ImproperValidationOfArrayConstructionLocalConfig implements DataFlow::ConfigSig {
deprecated module ImproperValidationOfArrayConstructionLocalConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
predicate isSink(DataFlow::Node sink) {
@@ -16,7 +16,9 @@ module ImproperValidationOfArrayConstructionLocalConfig implements DataFlow::Con
}
/**
* DEPRECATED: Use `ImproperValidationOfArrayConstructionFlow` instead and configure threat model sources to include `local`.
*
* Taint-tracking flow for improper validation of local user-provided size used for array construction.
*/
module ImproperValidationOfArrayConstructionLocalFlow =
deprecated module ImproperValidationOfArrayConstructionLocalFlow =
TaintTracking::Global<ImproperValidationOfArrayConstructionLocalConfig>;
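Review bot: The doc comment on `ImproperValidationOfArrayConstructionLocalConfig` gains no `DEPRECATED:` line even though the module is now marked `deprecated`, so the replacement is documented only on the `ImproperValidationOfArrayConstructionLocalFlow` alias in the second hunk. I would add the same pointer to the config's comment, for example `* DEPRECATED: Use ImproperValidationOfArrayConstructionFlow instead and configure threat model sources to include local.`. Anyone who hits the deprecation warning on the config then sees that local sources are only covered once the `local` threat model is enabled. The same gap exists on `ImproperValidationOfArrayIndexLocalConfig` in the next file section. The config module's body continues outside the hunk.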


@@ -7,7 +7,7 @@ private import semmle.code.java.dataflow.FlowSources
/**
* A taint-tracking configuration to reason about improper validation of local user-provided array index.
*/
module ImproperValidationOfArrayIndexLocalConfig implements DataFlow::ConfigSig {
deprecated module ImproperValidationOfArrayIndexLocalConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof LocalUserInput }
predicate isSink(DataFlow::Node sink) {
@@ -20,7 +20,9 @@ module ImproperValidationOfArrayIndexLocalConfig implements DataFlow::ConfigSig
}
/**
* DEPRECATED: Use `ImproperValidationOfArrayIndexFlow` instead and configure threat model sources to include `local`.
*
* Taint-tracking flow for improper validation of local user-provided array index.
*/
module ImproperValidationOfArrayIndexLocalFlow =
deprecated module ImproperValidationOfArrayIndexLocalFlow =
TaintTracking::Global<ImproperValidationOfArrayIndexLocalConfig>;


@@ -1,5 +0,0 @@
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<include src="ImproperValidationOfArrayConstruction.qhelp" /></qhelp>


@@ -1,29 +0,0 @@
/**
* @name Improper validation of local user-provided size used for array construction
* @description Using unvalidated local input as the argument to
* a construction of an array can lead to index out of bound exceptions.
* @kind path-problem
* @problem.severity recommendation
* @security-severity 8.8
* @precision medium
* @id java/improper-validation-of-array-construction-local
* @tags security
* external/cwe/cwe-129
*/
import java
import semmle.code.java.security.internal.ArraySizing
import semmle.code.java.security.ImproperValidationOfArrayConstructionLocalQuery
import ImproperValidationOfArrayConstructionLocalFlow::PathGraph
from
ImproperValidationOfArrayConstructionLocalFlow::PathNode source,
ImproperValidationOfArrayConstructionLocalFlow::PathNode sink, Expr sizeExpr,
ArrayCreationExpr arrayCreation, CheckableArrayAccess arrayAccess
where
arrayAccess.canThrowOutOfBoundsDueToEmptyArray(sizeExpr, arrayCreation) and
sizeExpr = sink.getNode().asExpr() and
ImproperValidationOfArrayConstructionLocalFlow::flowPath(source, sink)
select arrayAccess.getIndexExpr(), source, sink,
"This accesses the $@, but the array is initialized using a $@ which may be zero.", arrayCreation,
"array", source.getNode(), "user-provided value"


@@ -1,5 +0,0 @@
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<include src="ImproperValidationOfArrayIndex.qhelp" /></qhelp>


@@ -1,27 +0,0 @@
/**
* @name Improper validation of local user-provided array index
* @description Using local user input as an index to an array, without
* proper validation, can lead to index out of bound exceptions.
* @kind path-problem
* @problem.severity recommendation
* @security-severity 8.8
* @precision medium
* @id java/improper-validation-of-array-index-local
* @tags security
* external/cwe/cwe-129
*/
import java
import semmle.code.java.security.internal.ArraySizing
import semmle.code.java.security.ImproperValidationOfArrayIndexLocalQuery
import ImproperValidationOfArrayIndexLocalFlow::PathGraph
from
ImproperValidationOfArrayIndexLocalFlow::PathNode source,
ImproperValidationOfArrayIndexLocalFlow::PathNode sink, CheckableArrayAccess arrayAccess
where
arrayAccess.canThrowOutOfBounds(sink.getNode().asExpr()) and
ImproperValidationOfArrayIndexLocalFlow::flowPath(source, sink)
select arrayAccess.getIndexExpr(), source, sink,
"This index depends on a $@ which can cause an ArrayIndexOutOfBoundsException.", source.getNode(),
"user-provided value"


@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/threat-models
extensible: threatModelConfiguration
data:
- ["local", true, 0]
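Review bot: The `["local", true, 0]` row switches on the `local` threat model with no comment saying why, and nothing in the file ties it to the removed Local query variants. A leading comment such as `# Enable the local threat model so this query also reports flows from local user input.` would make the intent clear to whoever next edits the file. The identical extension file in the later section needs the same line. Presumably these files sit beside the `.qlref` changes that follow, but the paths are not visible on this page.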


@@ -0,0 +1 @@
Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql


@@ -1 +0,0 @@
Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql

View File

@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/threat-models
extensible: threatModelConfiguration
data:
- ["local", true, 0]


@@ -0,0 +1 @@
Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql


@@ -1 +0,0 @@
Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql