Split configs into Query.qll library

2026-05-05 05:35:13 +02:00 · 2022-03-10 11:32:37 +00:00
parent 6c05f7a81a
commit 4bf6c10896
2 changed files with 30 additions and 31 deletions
--- a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
@@ -0,0 +1,28 @@
+/** Provides configurations for sensitive logging queries. */
+
+import java
+import semmle.code.java.dataflow.ExternalFlow
+import semmle.code.java.dataflow.TaintTracking
+import semmle.code.java.security.SensitiveActions
+import DataFlow
+
+/** Variable keeps sensitive information judging by its name * */
+class CredentialExpr extends Expr {
+  CredentialExpr() {
+    exists(Variable v | this = v.getAnAccess() |
+      v.getName().regexpMatch([getCommonSensitiveInfoRegex(), "(?i).*(username).*"])
+    )
+  }
+}
+
+class SensitiveLoggerConfiguration extends DataFlow::Configuration {
+  SensitiveLoggerConfiguration() { this = "SensitiveLoggerConfiguration" }
+
+  override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CredentialExpr }
+
+  override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "logging") }
+
+  override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
+    TaintTracking::localTaintStep(node1, node2)
+  }
+}