Remove cached property from SensitiveSource::flowsTo

2026-05-04 05:05:12 +02:00 · 2021-09-14 12:38:41 +02:00
parent 563e8a2bd6
commit 51d2b5225e
5 changed files with 5 additions and 6 deletions
--- a/java/ql/lib/semmle/code/java/security/CleartextStorageClassQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/CleartextStorageClassQuery.qll
@@ -35,7 +35,7 @@ private class Serializable extends ClassStore {
    not this instanceof Properties and
    // restrict attention to tainted instances
    exists(SensitiveSource data |
-      data.flowsToCached(getInstanceInput(_, this.getConstructor().getDeclaringType()))
+      data.flowsTo(getInstanceInput(_, this.getConstructor().getDeclaringType()))
    )
  }

--- a/java/ql/lib/semmle/code/java/security/CleartextStorageQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/CleartextStorageQuery.qll
@@ -25,8 +25,7 @@ class SensitiveSource extends Expr {
  }

  /** Holds if this source flows to the `sink`. */
-  cached
-  predicate flowsToCached(Expr sink) {
+  predicate flowsTo(Expr sink) {
    exists(SensitiveSourceFlowConfig conf |
      conf.hasFlow(DataFlow::exprNode(this), DataFlow::exprNode(sink))
    )
--- a/java/ql/src/Security/CWE/CWE-312/CleartextStorageClass.ql
+++ b/java/ql/src/Security/CWE/CWE-312/CleartextStorageClass.ql
@@ -18,6 +18,6 @@ from SensitiveSource data, ClassStore s, Expr input, Expr store
 where
  input = s.getAnInput() and
  store = s.getAStore() and
-  data.flowsToCached(input)
+  data.flowsTo(input)
 select store, "Storable class $@ containing $@ is stored here. Data was added $@.", s, s.toString(),
  data, "sensitive data", input, "here"
--- a/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql
+++ b/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql
@@ -17,6 +17,6 @@ from SensitiveSource data, Cookie s, Expr input, Expr store
 where
  input = s.getAnInput() and
  store = s.getAStore() and
-  data.flowsToCached(input)
+  data.flowsTo(input)
 select store, "Cookie $@ containing $@ is stored here. Data was added $@.", s, s.toString(), data,
  "sensitive data", input, "here"
--- a/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql
+++ b/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql
@@ -17,6 +17,6 @@ from SensitiveSource data, Properties s, Expr input, Expr store
 where
  input = s.getAnInput() and
  store = s.getAStore() and
-  data.flowsToCached(input)
+  data.flowsTo(input)
 select store, "'Properties' class $@ containing $@ is stored here. Data was added $@.", s,
  s.toString(), data, "sensitive data", input, "here"