Add credentials sinks from SensitiveApi

2026-04-22 23:35:14 +02:00 · 2023-09-12 23:13:33 -04:00
parent 057a74d914
commit 646254c9b2
1 changed files with 3 additions and 0 deletions
--- a/java/ql/lib/semmle/code/java/security/WeakRandomnessQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/WeakRandomnessQuery.qll
@@ -3,6 +3,7 @@
 import java
 private import semmle.code.java.frameworks.Servlets
 private import semmle.code.java.security.SensitiveActions
+private import semmle.code.java.security.SensitiveApi
 private import semmle.code.java.dataflow.TaintTracking
 private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.security.RandomQuery
@@ -66,6 +67,8 @@ private class CryptographicSink extends WeakRandomnessSink {
  CryptographicSink() { sinkNode(this, "crypto-parameter") }
 }

+private class CredentialsSink extends WeakRandomnessSink instanceof CredentialsSinkNode { }
+
 /**
 * Holds if there is a method access which converts `bytes` to the string `str`.
 */