Privacy markers and fixed imports
@@ -1,8 +1,8 @@
|
||||
/** Provides taint-tracking configurations to reason about arithmetic using local-user-controlled data. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.security.ArithmeticCommon
|
||||
private import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.security.ArithmeticCommon
|
||||
|
||||
/**
|
||||
* A taint-tracking configuration to reason about arithmetic overflow using local-user-controlled data.
|
||||
|
||||
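Review bot: Switching `import semmle.code.java.dataflow.FlowSources` and `import semmle.code.java.security.ArithmeticCommon` to `private import` stops this library from re-exporting those modules, so any query that imports it and picked up their names transitively will stop compiling. The later hunks in this commit add the explicit imports for the in-repo queries, but custom queries outside the repository get no such fix. The same applies to every other `import` → `private import` hunk on this page. If these libraries have already shipped, the commit should carry a change note saying that the flow-source and helper modules must now be imported explicitly.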
@@ -1,7 +1,7 @@
|
||||
/** Provides taint-tracking configuration to reason about arithmetic with uncontrolled values. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.TaintTracking
|
||||
private import semmle.code.java.dataflow.TaintTracking
|
||||
private import semmle.code.java.security.RandomQuery
|
||||
private import semmle.code.java.security.SecurityTests
|
||||
private import semmle.code.java.security.ArithmeticCommon
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
/** Provides predicates and classes for reasoning about arithmetic with extreme values. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.DataFlow
|
||||
import ArithmeticCommon
|
||||
private import semmle.code.java.dataflow.DataFlow
|
||||
private import semmle.code.java.security.ArithmeticCommon
|
||||
|
||||
/**
|
||||
* A field representing an extreme value.
|
||||
@@ -14,12 +14,12 @@ abstract class ExtremeValueField extends Field {
|
||||
}
|
||||
|
||||
/** A field representing the minimum value of a primitive type. */
|
||||
class MinValueField extends ExtremeValueField {
|
||||
private class MinValueField extends ExtremeValueField {
|
||||
MinValueField() { this.getName() = "MIN_VALUE" }
|
||||
}
|
||||
|
||||
/** A field representing the maximum value of a primitive type. */
|
||||
class MaxValueField extends ExtremeValueField {
|
||||
private class MaxValueField extends ExtremeValueField {
|
||||
MaxValueField() { this.getName() = "MAX_VALUE" }
|
||||
}
|
||||
|
||||
|
||||
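Review bot: Making `MinValueField` and `MaxValueField` private removes two documented classes from this library's public surface, and nothing in the hunk records that. Code outside the file can then reach these fields only through the abstract `ExtremeValueField`, and cannot tell minimum from maximum except by repeating the `getName()` test. If the file has been released with the classes public, keeping them public with a `deprecated` annotation for one cycle would be the gentler path. Otherwise a QLDoc line on `ExtremeValueField` such as `Use getName() to distinguish MIN_VALUE from MAX_VALUE.` would tell callers what to do. The `ExtremeValueField` declaration itself starts outside this hunk.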
@@ -1,8 +1,8 @@
|
||||
/** Provides to taint-tracking configuration to reason about the use of broken or risky cryptographic algorithms. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.security.Encryption
|
||||
import semmle.code.java.dataflow.TaintTracking
|
||||
private import semmle.code.java.security.Encryption
|
||||
private import semmle.code.java.dataflow.TaintTracking
|
||||
|
||||
private class ShortStringLiteral extends StringLiteral {
|
||||
ShortStringLiteral() { this.getValue().length() < 100 }
|
||||
|
||||
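Review bot: The module QLDoc in the first line of this hunk reads `Provides to taint-tracking configuration ...` and should be `Provides a taint-tracking configuration to reason about the use of broken or risky cryptographic algorithms.` Two other headers touched by this commit have similar slips: `Provides taint-tracking configuration to reason about arithmetic with uncontrolled values` lacks the article, and `SqlInjection vulnerabilities from string concatentation` misspells "concatenation". The private `ShortStringLiteral` class also has no comment explaining why literals of 100 or more characters are excluded, and a one-line `/** A string literal short enough to plausibly be an algorithm name. */` would help if that is the intent. Its body continues outside the hunk.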
@@ -6,7 +6,7 @@ private import semmle.code.java.security.ExternalProcess
|
||||
private import semmle.code.java.security.CommandArguments
|
||||
|
||||
/** A taint-tracking configuration to reason about use of externally controlled strings to make command line commands. */
|
||||
module LocalUserInputToArgumentToExecFlowConfig implements DataFlow::ConfigSig {
|
||||
module ExecTaintedLocalConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node src) { src instanceof LocalUserInput }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof ArgumentToExec }
|
||||
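Review bot: The public module `LocalUserInputToArgumentToExecFlowConfig` is renamed to `ExecTaintedLocalConfig` here, and `LocalUserInputToArgumentToExecFlow` to `ExecTaintedLocalFlow` in the next hunk, with no alias left under the old names. Any external query that references the old names will fail to compile. If the library has shipped, adding `deprecated module LocalUserInputToArgumentToExecFlowConfig = ExecTaintedLocalConfig;` and `deprecated module LocalUserInputToArgumentToExecFlow = ExecTaintedLocalFlow;` keeps it working for a release. Separately, the QLDoc on both modules still says "externally controlled strings" while `isSource` accepts only `LocalUserInput`, so "local-user-controlled strings" would describe the configuration more accurately. The config module's body continues past the end of this hunk.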
@@ -23,5 +23,4 @@ module LocalUserInputToArgumentToExecFlowConfig implements DataFlow::ConfigSig {
|
||||
/**
|
||||
* Taint-tracking flow for use of externally controlled strings to make command line commands.
|
||||
*/
|
||||
module LocalUserInputToArgumentToExecFlow =
|
||||
TaintTracking::Global<LocalUserInputToArgumentToExecFlowConfig>;
|
||||
module ExecTaintedLocalFlow = TaintTracking::Global<ExecTaintedLocalConfig>;
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
/** Provides a taint-tracking configuration to reason about externally-controlled format strings from local sources. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.StringFormat
|
||||
private import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.StringFormat
|
||||
|
||||
/** A taint-tracking configuration to reason about externally-controlled format strings from local sources. */
|
||||
module ExternallyControlledFormatStringLocalConfig implements DataFlow::ConfigSig {
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
/** Provides a dataflow configuration to reason about improper validation of code-specified size used for array construction. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.security.internal.ArraySizing
|
||||
import semmle.code.java.dataflow.TaintTracking
|
||||
private import semmle.code.java.security.internal.ArraySizing
|
||||
private import semmle.code.java.dataflow.TaintTracking
|
||||
|
||||
/**
|
||||
* A dataflow configuration to reason about improper validation of code-specified size used for array construction.
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
/** Provides a taint-tracking configuration to reason about improper validation of local user-provided size used for array construction. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.security.internal.ArraySizing
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.security.internal.ArraySizing
|
||||
private import semmle.code.java.dataflow.FlowSources
|
||||
|
||||
/**
|
||||
* A taint-tracking configuration to reason about improper validation of local user-provided size used for array construction.
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
/** Provides a taint-tracking configuration to reason about improper validation of user-provided size used for array construction. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.security.internal.ArraySizing
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.security.internal.ArraySizing
|
||||
private import semmle.code.java.dataflow.FlowSources
|
||||
|
||||
/**
|
||||
* A taint-tracking configuration to reason about improper validation of user-provided size used for array construction.
|
||||
*/
|
||||
private module ImproperValidationOfArrayConstructionConfig implements DataFlow::ConfigSig {
|
||||
module ImproperValidationOfArrayConstructionConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) {
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
/** Provides a dataflow configuration to reason about improper validation of code-specified array index. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.security.internal.ArraySizing
|
||||
import semmle.code.java.security.internal.BoundingChecks
|
||||
import semmle.code.java.dataflow.TaintTracking
|
||||
private import semmle.code.java.security.internal.ArraySizing
|
||||
private import semmle.code.java.security.internal.BoundingChecks
|
||||
private import semmle.code.java.dataflow.DataFlow
|
||||
|
||||
/**
|
||||
* A dataflow configuration to reason about improper validation of code-specified array index.
|
||||
|
||||
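Review bot: This hunk is the only one that swaps the imported library rather than only its visibility: `import semmle.code.java.dataflow.TaintTracking` becomes `private import semmle.code.java.dataflow.DataFlow`. That matches the "dataflow configuration" wording in the QLDoc. The sibling hunk for code-specified array construction keeps `private import semmle.code.java.dataflow.TaintTracking` under the same wording. If that file also builds its flow with `DataFlow::Global`, the taint-tracking import is probably unused and should be changed the same way. The configuration bodies lie outside both hunks, so this needs checking against the full files.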
@@ -1,8 +1,8 @@
|
||||
/** Provides a taint-tracking configuration to reason about improper validation of local user-provided array index. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.security.internal.ArraySizing
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.security.internal.ArraySizing
|
||||
private import semmle.code.java.dataflow.FlowSources
|
||||
|
||||
/**
|
||||
* A taint-tracking configuration to reason about improper validation of local user-provided array index.
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
/** Provides a taint-tracking configuration to reason about improper validation of user-provided array index. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.security.internal.ArraySizing
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.security.internal.ArraySizing
|
||||
private import semmle.code.java.dataflow.FlowSources
|
||||
|
||||
/**
|
||||
* A taint-tracking configuration to reason about improper validation of user-provided array index.
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
/** Provides a dataflow configuration to reason about the failure to use secure cookies. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.DataFlow
|
||||
private import semmle.code.java.dataflow.DataFlow
|
||||
private import semmle.code.java.frameworks.Servlets
|
||||
|
||||
private predicate isSafeSecureCookieSetting(Expr e) {
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
/** Provides classes to reason about possible truncation from casting of a user-provided value. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.arithmetic.Overflow
|
||||
import semmle.code.java.dataflow.SSA
|
||||
import semmle.code.java.controlflow.Guards
|
||||
import semmle.code.java.dataflow.RangeAnalysis
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.arithmetic.Overflow
|
||||
private import semmle.code.java.dataflow.SSA
|
||||
private import semmle.code.java.controlflow.Guards
|
||||
private import semmle.code.java.dataflow.RangeAnalysis
|
||||
private import semmle.code.java.dataflow.FlowSources
|
||||
|
||||
/**
|
||||
* A `CastExpr` that is a narrowing cast.
|
||||
@@ -37,7 +37,7 @@ class RightShiftOp extends Expr {
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the expression that is shifted.
|
||||
* Gets the variable that is shifted.
|
||||
*/
|
||||
Variable getShiftedVariable() {
|
||||
this.getLhs() = result.getAnAccess() or
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
/** Provides a taint-tracking configuration to reason about response splitting vulnerabilities from local user input. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.security.ResponseSplitting
|
||||
private import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.security.ResponseSplitting
|
||||
|
||||
/**
|
||||
* A taint-tracking configuration to reason about response splitting vulnerabilities from local user input.
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
/** Provides classes and modules to reason about SqlInjection vulnerabilities from string concatentation. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.TaintTracking
|
||||
private import semmle.code.java.dataflow.TaintTracking
|
||||
private import semmle.code.java.security.SqlConcatenatedLib
|
||||
private import semmle.code.java.security.SqlInjectionQuery
|
||||
|
||||
|
||||
@@ -3,9 +3,9 @@
|
||||
* that is used in a SQL query.
|
||||
*/
|
||||
|
||||
import semmle.code.java.Expr
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.security.SqlInjectionQuery
|
||||
import java
|
||||
private import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.security.SqlInjectionQuery
|
||||
|
||||
/**
|
||||
* A taint-tracking configuration for reasoning about local user input that is
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
/** Provides predicates to reason about exposure of stack-traces. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.DataFlow
|
||||
import semmle.code.java.dataflow.TaintTracking
|
||||
private import semmle.code.java.dataflow.DataFlow
|
||||
private import semmle.code.java.dataflow.TaintTracking
|
||||
private import semmle.code.java.security.InformationLeak
|
||||
|
||||
/**
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
/** Provides classes to reason about tainted permissions check vulnerabilities. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.dataflow.TaintTracking
|
||||
private import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.dataflow.TaintTracking
|
||||
|
||||
/**
|
||||
* The `org.apache.shiro.subject.Subject` class.
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
/** Provides classes to reason about local information disclosure in a temporary directory. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.TaintTracking
|
||||
private import semmle.code.java.dataflow.TaintTracking
|
||||
private import semmle.code.java.os.OSCheck
|
||||
private import semmle.code.java.security.TempDirUtils
|
||||
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
/** Provides a taint-tracking configuration to reason about URL redirection from local sources. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.security.UrlRedirect
|
||||
private import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.security.UrlRedirect
|
||||
|
||||
/**
|
||||
* A taint-tracking configuration to reason about URL redirection from local sources.
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
/** Provides a taint-tracking configuration for reasoning about URL redirections. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.security.UrlRedirect
|
||||
private import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.security.UrlRedirect
|
||||
|
||||
/**
|
||||
* A taint-tracking configuration for reasoning about URL redirections.
|
||||
|
||||
@@ -1,8 +1,9 @@
|
||||
/** Provides taint-tracking flow to reason about XPath injection queries. */
|
||||
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.dataflow.TaintTracking
|
||||
import semmle.code.java.security.XPath
|
||||
import java
|
||||
private import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.dataflow.TaintTracking
|
||||
private import semmle.code.java.security.XPath
|
||||
|
||||
/**
|
||||
* A taint-tracking configuration for reasoning about XPath injection vulnerabilities.
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
/** Provides a taint-tracking configuration to reason about cross-site scripting from a local source. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.FlowSources
|
||||
import semmle.code.java.dataflow.TaintTracking
|
||||
import semmle.code.java.security.XSS
|
||||
private import semmle.code.java.dataflow.FlowSources
|
||||
private import semmle.code.java.dataflow.TaintTracking
|
||||
private import semmle.code.java.security.XSS
|
||||
|
||||
/**
|
||||
* A taint-tracking configuration for reasoning about cross-site scripting vulnerabilities from a local source.
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
/** Provides predicates and classes to reason about the sizing and indexing of arrays. */
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.DataFlow
|
||||
import semmle.code.java.dataflow.DefUse
|
||||
import semmle.code.java.security.RandomDataSource
|
||||
private import semmle.code.java.dataflow.DataFlow
|
||||
private import semmle.code.java.dataflow.DefUse
|
||||
private import semmle.code.java.security.RandomDataSource
|
||||
private import BoundingChecks
|
||||
|
||||
/**
|
||||
|
||||
@@ -11,6 +11,7 @@
|
||||
*/
|
||||
|
||||
import java
|
||||
import semmle.code.java.security.internal.ArraySizing
|
||||
import semmle.code.java.security.ImproperValidationOfArrayConstructionQuery
|
||||
import ImproperValidationOfArrayConstructionFlow::PathGraph
|
||||
|
||||
|
||||
@@ -12,6 +12,7 @@
|
||||
*/
|
||||
|
||||
import java
|
||||
import semmle.code.java.security.internal.ArraySizing
|
||||
import semmle.code.java.security.ImproperValidationOfArrayConstructionCodeSpecifiedQuery
|
||||
import BoundedFlowSourceFlow::PathGraph
|
||||
|
||||
|
||||
@@ -12,6 +12,7 @@
|
||||
*/
|
||||
|
||||
import java
|
||||
import semmle.code.java.security.internal.ArraySizing
|
||||
import semmle.code.java.security.ImproperValidationOfArrayConstructionLocalQuery
|
||||
import ImproperValidationOfArrayConstructionLocalFlow::PathGraph
|
||||
|
||||
|
||||
@@ -11,6 +11,7 @@
|
||||
*/
|
||||
|
||||
import java
|
||||
import semmle.code.java.security.internal.ArraySizing
|
||||
import semmle.code.java.security.ImproperValidationOfArrayIndexQuery
|
||||
import ImproperValidationOfArrayIndexFlow::PathGraph
|
||||
|
||||
|
||||
@@ -12,6 +12,8 @@
|
||||
*/
|
||||
|
||||
import java
|
||||
import semmle.code.java.security.internal.ArraySizing
|
||||
import semmle.code.java.security.internal.BoundingChecks
|
||||
import semmle.code.java.security.ImproperValidationOfArrayIndexCodeSpecifiedQuery
|
||||
import BoundedFlowSourceFlow::PathGraph
|
||||
|
||||
|
||||
@@ -12,6 +12,7 @@
|
||||
*/
|
||||
|
||||
import java
|
||||
import semmle.code.java.security.internal.ArraySizing
|
||||
import semmle.code.java.security.ImproperValidationOfArrayIndexLocalQuery
|
||||
import ImproperValidationOfArrayIndexLocalFlow::PathGraph
|
||||
|
||||
|
||||
@@ -11,6 +11,7 @@
|
||||
*/
|
||||
|
||||
import java
|
||||
import semmle.code.java.StringFormat
|
||||
import semmle.code.java.security.ExternallyControlledFormatStringLocalQuery
|
||||
import ExternallyControlledFormatStringLocalFlow::PathGraph
|
||||
|
||||
|
||||
@@ -13,6 +13,8 @@
|
||||
*/
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.DataFlow
|
||||
import semmle.code.java.security.ArithmeticCommon
|
||||
import semmle.code.java.security.ArithmeticTaintedLocalQuery
|
||||
|
||||
module Flow =
|
||||
|
||||
@@ -14,6 +14,7 @@
|
||||
*/
|
||||
|
||||
import java
|
||||
import semmle.code.java.dataflow.DataFlow
|
||||
import semmle.code.java.security.StackTraceExposureQuery
|
||||
|
||||
from Expr externalExpr, Expr errorInformation
|
||||
|
||||
@@ -12,6 +12,7 @@
|
||||
*/
|
||||
|
||||
import java
|
||||
import semmle.code.java.security.Encryption
|
||||
import semmle.code.java.security.BrokenCryptoAlgorithmQuery
|
||||
import InsecureCryptoFlow::PathGraph
|
||||
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
import java
|
||||
import semmle.code.java.dataflow.DataFlow
|
||||
import semmle.code.java.security.XPathInjectionQuery
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
|
||||