Enhance the query and update qldoc

luchua-bc
2020-12-14 17:01:30 +00:00
parent d469e9b24e
commit 523f0fb247
2 changed files with 12 additions and 12 deletions


@@ -2,7 +2,7 @@
<qhelp>
<overview>
<p>
Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resources. Therefore it is a common attack vector.
Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resources.
</p>
</overview>


@@ -16,22 +16,22 @@ predicate isNotPassword(XMLAttribute a) {
or
a.getValue().regexpMatch("\\$\\{.*\\}") // Variable placeholder ${password}
or
a.getValue().charAt(a.getValue().length() - 1) = "=" // A basic check of encrypted passwords ending with padding characters, which could be improved to be more accurate.
a.getValue().matches("%=") // A basic check of encrypted passwords ending with padding characters, which could be improved to be more accurate.
}
from XMLAttribute a
from XMLAttribute nameAttr
where
a.getName().toLowerCase() in ["password", "pwd"] and not isNotPassword(a) // Attribute name "password" or "pwd"
nameAttr.getName().toLowerCase() in ["password", "pwd"] and not isNotPassword(nameAttr) // Attribute name "password" or "pwd"
or
exists(
XMLAttribute b // name/value pair like <property name="password" value="mysecret"/>
XMLAttribute valueAttr // name/value pair like <property name="password" value="mysecret"/>
|
b.getElement() = a.getElement() and
a.getName().toLowerCase() = "name" and
a.getValue().toLowerCase() in ["password", "pwd"] and
b.getName().toLowerCase() = "value" and
not isNotPassword(b)
valueAttr.getElement() = nameAttr.getElement() and
nameAttr.getName().toLowerCase() = "name" and
nameAttr.getValue().toLowerCase() in ["password", "pwd"] and
valueAttr.getName().toLowerCase() = "value" and
not isNotPassword(valueAttr)
)
or
a.getValue().regexpMatch("(?is).*(pwd|password)\\s*=(?!\\s*;).*") // Attribute value matches password pattern
select a, "Plaintext password in configuration file."
nameAttr.getValue().regexpMatch("(?is).*(pwd|password)\\s*=(?!\\s*;).*") // Attribute value matches password pattern
select nameAttr, "Plaintext password in configuration file."
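Review bot: The third disjunct just above `select` (`nameAttr.getValue().regexpMatch("(?is).*(pwd|password)\\s*=(?!\\s*;).*")`) is not filtered through `isNotPassword`, so a connection-string value such as `password=${db.password}` is still reported even though the same `${...}` placeholder form is explicitly excluded for bare attributes at the top of the hunk. Folding that case into the lookahead keeps the disjunct self-contained: `nameAttr.getValue().regexpMatch("(?is).*(pwd|password)\\s*=(?!\\s*(;|\\$\\{)).*")`. The lookahead also accepts an empty value at end of string, so something like `url="...;password="` is flagged as a plaintext password; if an empty value is meant to be out of scope, `(?!\\s*(;|$|\\$\\{))` drops it as well. `isNotPassword` begins before this hunk, so whatever its first lines already exclude is not visible here and may change which of these cases matter.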