From 56727b220bc51fb5afeff0a933bbf974a43cb519 Mon Sep 17 00:00:00 2001
From: Slavomir <gagliardetto@users.noreply.github.com>
Date: Tue, 23 Jun 2020 12:14:49 +0300
Subject: [PATCH] Try different ways of passing taint through a field

---
 ql/src/experimental/CWE-327/InsecureTLS.ql | 10 +++-------
 ql/test/experimental/CWE-327/UnsafeTLS.go  | 18 ++++++++++++++++++
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/ql/src/experimental/CWE-327/InsecureTLS.ql b/ql/src/experimental/CWE-327/InsecureTLS.ql
index 1c7d21098e3..dd5dd09284c 100644
--- a/ql/src/experimental/CWE-327/InsecureTLS.ql
+++ b/ql/src/experimental/CWE-327/InsecureTLS.ql
@@ -130,13 +130,9 @@ class TlsInsecureCipherSuitesFlowConfig extends TaintTracking::Configuration {
   override predicate isSource(DataFlow::Node source) {
     // TODO: source can also be result of tls.InsecureCipherSuites()[0].ID
     source =
-      any(DataFlow::FieldReadNode fieldRead |
-        fieldRead.getBase().getAPredecessor*() =
-          any(Function insecureCipherSuites |
-            insecureCipherSuites.hasQualifiedName("crypto/tls", "InsecureCipherSuites")
-          ).getACall().getResult() and
-        fieldRead.getFieldName() = "ID"
-      )
+      any(Function insecureCipherSuites |
+        insecureCipherSuites.hasQualifiedName("crypto/tls", "InsecureCipherSuites")
+      ).getACall().getResult()
     or
     source =
       any(DataFlow::ValueEntity val |
diff --git a/ql/test/experimental/CWE-327/UnsafeTLS.go b/ql/test/experimental/CWE-327/UnsafeTLS.go
index bb55a2e13ee..1ac8dc39456 100644
--- a/ql/test/experimental/CWE-327/UnsafeTLS.go
+++ b/ql/test/experimental/CWE-327/UnsafeTLS.go
@@ -178,6 +178,24 @@ func cipherSuites() {
 			config.CipherSuites = append(config.CipherSuites, v.ID) // BAD
 		}
 	}
+	{
+		config := &tls.Config{}
+		cipherSuites := make([]uint16, 0)
+		insecureSuites := tls.InsecureCipherSuites()
+		for _, v := range insecureSuites {
+			cipherSuites = append(cipherSuites, v.ID)
+		}
+		config.CipherSuites = cipherSuites // BAD
+	}
+	{
+		config := &tls.Config{}
+		cipherSuites := make([]uint16, 0)
+		insecureSuites := tls.InsecureCipherSuites()
+		for i := range insecureSuites {
+			cipherSuites = append(cipherSuites, insecureSuites[i].ID)
+		}
+		config.CipherSuites = cipherSuites // BAD
+	}
 }
 
 func good(version string) {