hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 00:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Minor adjustment to resolve error for codeql version 2.15.4

Browse Source
This commit is contained in:
masterofnow
2023-12-16 12:41:39 +08:00
parent 99b273d308
commit 4a77f45aa6
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
java/ql/src/experimental/Security/CWE/CWE-470/LoadClassNoSignatureCheck.ql
View File

@@ -20,7 +20,7 @@ import semmle.code.java.dataflow.TaintTracking
MethodAccess getClassLoaderReachableMethodAccess(DataFlow::Node node)
{
exists(MethodCall maGetClassLoader |
exists(MethodAccess maGetClassLoader |
maGetClassLoader.getCallee().getName() = "getClassLoader" and
maGetClassLoader.getQualifier() = node.asExpr() and
result = maGetClassLoader.getControlFlowNode().getASuccessor+()
@@ -44,7 +44,7 @@ MethodAccess getDangerousReachableMethodAccess(MethodAccess ma)
module SignaturePackageConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
exists(MethodCall maCheckSignatures |
exists(MethodAccess maCheckSignatures |
maCheckSignatures
.getMethod()
.hasQualifiedName("android.content.pm", "PackageManager", "checkSignatures") and
@@ -70,16 +70,16 @@ predicate isSignaturesChecked(MethodAccess maCreatePackageContext)
}
from
MethodCall maCreatePackageContext, LocalVariableDeclExpr lvdePackageContext,
Expr sinkPackageContext, MethodCall maGetMethod, MethodCall maInvoke
MethodAccess maCreatePackageContext, LocalVariableDeclExpr lvdePackageContext,
DataFlow::Node sinkPackageContext, MethodAccess maGetMethod, MethodAccess maInvoke
where
maCreatePackageContext
.getMethod()
.hasQualifiedName("android.content", ["ContextWrapper", "Context"], "createPackageContext") and
not isSignaturesChecked(maCreatePackageContext) and
lvdePackageContext.getEnclosingStmt() = maCreatePackageContext.getEnclosingStmt() and
TaintTracking::localExprTaint(lvdePackageContext.getAnAccess(), sinkPackageContext) and
getClassLoaderReachableMethodCall(sinkPackageContext) = maGetMethod and
getGetMethodMethodCall(maGetMethod) = maInvoke
TaintTracking::localTaint(DataFlow::exprNode(lvdePackageContext.getAnAccess()), sinkPackageContext) and
getClassLoaderReachableMethodAccess(sinkPackageContext) = maGetMethod and
getDangerousReachableMethodAccess(maGetMethod) = maInvoke
select maInvoke, "Potential arbitary code execution due to $@ without $@ signature checking.", sinkPackageContext, "class loading", sinkPackageContext, "package"