Merge pull request #17036 from chmodxxx/sbaddou/fix

Java: Move SensitiveLoggerConfig source to extensible format
2025-12-17 01:03:14 +01:00 · 2024-07-23 14:55:26 +01:00
parent 67dac96e80 4f80ae2190
commit 4c8da54b64
2 changed files with 13 additions and 2 deletions
--- a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
@@ -7,6 +7,9 @@ import semmle.code.java.security.SensitiveActions
 import semmle.code.java.frameworks.android.Compose
 private import semmle.code.java.security.Sanitizers

+/** A data flow source node for sensitive logging sources. */
+abstract class SensitiveLoggerSource extends DataFlow::Node { }
+
 /** A variable that may hold sensitive information, judging by its name. */
 class VariableWithSensitiveName extends Variable {
  VariableWithSensitiveName() {
@@ -26,6 +29,10 @@ class CredentialExpr extends VarAccess {
  }
 }

+private class CredentialExprSource extends SensitiveLoggerSource {
+  CredentialExprSource() { this.asExpr() instanceof CredentialExpr }
+}
+
 /** An instantiation of a (reflexive, transitive) subtype of `java.lang.reflect.Type`. */
 private class TypeType extends RefType {
  pragma[nomagic]
@@ -42,7 +49,7 @@ private class TypeType extends RefType {
 deprecated class SensitiveLoggerConfiguration extends TaintTracking::Configuration {
  SensitiveLoggerConfiguration() { this = "SensitiveLoggerConfiguration" }

-  override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CredentialExpr }
+  override predicate isSource(DataFlow::Node source) { source instanceof SensitiveLoggerSource }

  override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "log-injection") }

@@ -59,7 +66,7 @@ deprecated class SensitiveLoggerConfiguration extends TaintTracking::Configurati

 /** A data-flow configuration for identifying potentially-sensitive data flowing to a log output. */
 module SensitiveLoggerConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CredentialExpr }
+  predicate isSource(DataFlow::Node source) { source instanceof SensitiveLoggerSource }

  predicate isSink(DataFlow::Node sink) { sinkNode(sink, "log-injection") }

--- a/java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md
+++ b/java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides.