hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 19:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Refactor NFEAndroidDoS

Browse Source
This commit is contained in:
Ed Minnix
2023-04-12 10:03:45 -04:00
parent 94768f425f
commit 6e4e1e52c0
1 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql
View File

@@ -17,19 +17,17 @@ import java
import semmle.code.java.frameworks.android.Intent import semmle.code.java.frameworks.android.Intent
import semmle.code.java.dataflow.FlowSources import semmle.code.java.dataflow.FlowSources
import semmle.code.java.NumberFormatException import semmle.code.java.NumberFormatException
import DataFlow::PathGraph import NfeLocalDoSFlow::PathGraph
/** /**
* Taint configuration tracking flow from untrusted inputs to number conversion calls in exported Android compononents. * Taint configuration tracking flow from untrusted inputs to number conversion calls in exported Android compononents.
*/ */
class NfeLocalDoSConfiguration extends TaintTracking::Configuration { module NfeLocalDoSConfig implements DataFlow::ConfigSig {
NfeLocalDoSConfiguration() { this = "NFELocalDoSConfiguration" }
/** Holds if source is a remote flow source */ /** Holds if source is a remote flow source */
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource } predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
/** Holds if NFE is thrown but not caught */ /** Holds if NFE is thrown but not caught */
override predicate isSink(DataFlow::Node sink) { predicate isSink(DataFlow::Node sink) {
exists(Expr e | exists(Expr e |
e.getEnclosingCallable().getDeclaringType().(ExportableAndroidComponent).isExported() and e.getEnclosingCallable().getDeclaringType().(ExportableAndroidComponent).isExported() and
throwsNfe(e) and throwsNfe(e) and
@@ -42,8 +40,10 @@ class NfeLocalDoSConfiguration extends TaintTracking::Configuration {
} }
} }
from DataFlow::PathNode source, DataFlow::PathNode sink, NfeLocalDoSConfiguration conf module NfeLocalDoSFlow = TaintTracking::Global<NfeLocalDoSConfig>;
where conf.hasFlowPath(source, sink)
from NfeLocalDoSFlow::PathNode source, NfeLocalDoSFlow::PathNode sink
where NfeLocalDoSFlow::flowPath(source, sink)
select sink.getNode(), source, sink, select sink.getNode(), source, sink,
"Uncaught NumberFormatException in an exported Android component due to $@.", source.getNode(), "Uncaught NumberFormatException in an exported Android component due to $@.", source.getNode(),
"user-provided value" "user-provided value"