Refactor into separate libraries

2025-12-24 04:36:35 +01:00 · 2021-10-29 17:36:02 +02:00
parent 7f15177498
commit 3ea1af3819
6 changed files with 299 additions and 61 deletions
--- a/java/ql/src/Security/CWE/CWE-117/LogInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-117/LogInjection.ql
@@ -11,28 +11,10 @@
 */

 import java
+import semmle.code.java.security.LogInjectionQuery
 import DataFlow::PathGraph
-import experimental.semmle.code.java.Logging
-import semmle.code.java.dataflow.FlowSources
-
-/**
- * A taint-tracking configuration for tracking untrusted user input used in log entries.
- */
-private class LogInjectionConfiguration extends TaintTracking::Configuration {
-  LogInjectionConfiguration() { this = "Log Injection" }
-
-  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
-  override predicate isSink(DataFlow::Node sink) {
-    sink.asExpr() = any(LoggingCall c).getALogArgument()
-  }
-
-  override predicate isSanitizer(DataFlow::Node node) {
-    node.getType() instanceof BoxedType or node.getType() instanceof PrimitiveType
-  }
-}

 from LogInjectionConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ flows to log entry.", source.getNode(),
-  "User-provided value"
+select sink.getNode(), source, sink, "This $@ flows to a log entry.", source.getNode(),
+  "user-provided value"
--- a/java/ql/src/experimental/semmle/code/java/Logging.qll
+++ b/java/ql/src/experimental/semmle/code/java/Logging.qll
@@ -1,40 +0,0 @@
-/**
- * Provides classes and predicates for working with loggers.
- */
-
-import java
-
-/** Models a call to a logging method. */
-class LoggingCall extends MethodAccess {
-  LoggingCall() {
-    exists(RefType t, Method m |
-      t.hasQualifiedName("org.apache.log4j", "Category") or // Log4j 1
-      t.hasQualifiedName("org.apache.logging.log4j", ["Logger", "LogBuilder"]) or // Log4j 2
-      t.hasQualifiedName("org.apache.commons.logging", "Log") or
-      // JBoss Logging (`org.jboss.logging.Logger` in some implementations like JBoss Application Server 4.0.4 did not implement `BasicLogger`)
-      t.hasQualifiedName("org.jboss.logging", ["BasicLogger", "Logger"]) or
-      t.hasQualifiedName("org.slf4j.spi", "LoggingEventBuilder") or
-      t.hasQualifiedName("org.slf4j", "Logger") or
-      t.hasQualifiedName("org.scijava.log", "Logger") or
-      t.hasQualifiedName("com.google.common.flogger", "LoggingApi") or
-      t.hasQualifiedName("java.lang", "System$Logger") or
-      t.hasQualifiedName("java.util.logging", "Logger")
-    |
-      (
-        m.getDeclaringType().getASourceSupertype*() = t or
-        m.getDeclaringType().extendsOrImplements*(t)
-      ) and
-      m.getReturnType() instanceof VoidType and
-      this = m.getAReference()
-    )
-    or
-    exists(RefType t, Method m | t.hasQualifiedName("android.util", "Log") |
-      m.hasName(["d", "e", "i", "v", "w", "wtf"]) and
-      m.getDeclaringType() = t and
-      this = m.getAReference()
-    )
-  }
-
-  /** Returns an argument which would be logged by this call. */
-  Argument getALogArgument() { result = this.getArgument(_) }
-}