Refactor InsecureRmiJmxEnvironmentConfiguration

Ed Minnix
2023-04-12 10:04:01 -04:00
parent 6e4e1e52c0
commit 7002ed5303


@@ -32,12 +32,10 @@ predicate isRmiOrJmxServerCreateMethod(Method method) {
* `map.put("jmx.remote.rmi.server.credential.types", value)` call
* to an RMI or JMX initialisation call.
*/
class SafeFlow extends DataFlow::Configuration {
SafeFlow() { this = "MapToPutCredentialstypeConfiguration" }
module SafeFlowConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { putsCredentialtypesKey(source.asExpr()) }
override predicate isSource(DataFlow::Node source) { putsCredentialtypesKey(source.asExpr()) }
override predicate isSink(DataFlow::Node sink) {
predicate isSink(DataFlow::Node sink) {
exists(Call c |
isRmiOrJmxServerCreateConstructor(c.getCallee()) or
isRmiOrJmxServerCreateMethod(c.getCallee())
@@ -71,6 +69,8 @@ class SafeFlow extends DataFlow::Configuration {
}
}
module SafeFlow = DataFlow::Global<SafeFlowConfig>;
/** Gets a string describing why the application is vulnerable, depending on if the vulnerability is present due to a) a null environment b) an insecurely set environment map */
string getRmiResult(Expr e) {
// We got a Map so we have a source and a sink node
@@ -87,5 +87,5 @@ from Call c, Expr envArg
where
(isRmiOrJmxServerCreateConstructor(c.getCallee()) or isRmiOrJmxServerCreateMethod(c.getCallee())) and
envArg = c.getArgument(1) and
not any(SafeFlow conf).hasFlowToExpr(envArg)
not SafeFlow::flowToExpr(envArg)
select c, getRmiResult(envArg), envArg, envArg.toString()
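Review bot: The new `module SafeFlow = DataFlow::Global<SafeFlowConfig>;` alias in the second hunk has no QLDoc, and nothing near it tells the reader that this module models the safe case. The `where` clause reports a call only when `not SafeFlow::flowToExpr(envArg)` holds, so I would add `/** Tracks flow from a map on which the credential-types key is set to the environment argument of an RMI/JMX server creation; the query alerts when this flow is absent. */` above the alias. Because the alert is the negation of flow, any difference in reach between the old `DataFlow::Configuration` class and the new global module moves results in the opposite direction: lost flow adds alerts, extra flow hides an insecurely configured server. It is worth confirming that the query's existing test expectations are unchanged by this commit. The rest of `SafeFlowConfig.isSink` lies between the hunks and is not visible here.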