hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-07 22:51:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Refactor SensitiveCommunication.ql.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2023-03-15 10:32:35 +01:00
parent ca8e013618
commit 4b814ec71c
3 changed files with 34 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
java/ql/lib/semmle/code/java/security/AndroidSensitiveCommunicationQuery.qll
View File

@@ -122,9 +122,11 @@ private predicate isStartActivityOrServiceSink(DataFlow::Node arg) {
}
/**
* DEPRECATED: Use `SensitiveCommunicationFlow` instead.
*
* Taint configuration tracking flow from variables containing sensitive information to broadcast Intents.
*/
class SensitiveCommunicationConfig extends TaintTracking::Configuration {
deprecated class SensitiveCommunicationConfig extends TaintTracking::Configuration {
SensitiveCommunicationConfig() { this = "Sensitive Communication Configuration" }
override predicate isSource(DataFlow::Node source) {
@@ -148,3 +150,27 @@ class SensitiveCommunicationConfig extends TaintTracking::Configuration {
this.isSink(node)
}
}
private module SensitiveCommunicationConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source.asExpr() instanceof SensitiveInfoExpr }
predicate isSink(DataFlow::Node sink) {
isSensitiveBroadcastSink(sink)
or
isStartActivityOrServiceSink(sink)
}
/**
* Holds if broadcast doesn't specify receiving package name of the 3rd party app
*/
predicate isBarrier(DataFlow::Node node) { node instanceof ExplicitIntentSanitizer }
predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
isSink(node) and exists(c)
}
}
/**
* Tracks taint flow from variables containing sensitive information to broadcast Intents.
*/
module SensitiveCommunicationFlow = TaintTracking::Make<SensitiveCommunicationConfig>;