hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 11:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Replace convertBytesToString with models

Browse Source
This commit is contained in:
Ed Minnix
2023-10-25 23:14:45 -04:00
parent e9ca4a25d4
commit 7241e0920c
2 changed files with 2 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
java/ql/lib/ext/org.owasp.esapi.model.yml
View File

@@ -3,4 +3,5 @@ extensions:
pack: codeql/java-all
extensible: summaryModel
data:
- ["org.owasp.esapi", "Encoder", true, "encodeForHTML", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.owasp.esapi", "Encoder", true, "encodeForHTML", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["org.owasp.esapi", "Encoder", true, "encodeForBase64", "(byte[],boolean)", "", "Argument[0]", "ReturnValue", "taint", "manual"]

11
java/ql/lib/semmle/code/java/security/WeakRandomnessQuery.qll
View File

@@ -65,15 +65,6 @@ private class SensitiveActionSink extends WeakRandomnessSink {
private class CredentialsSink extends WeakRandomnessSink instanceof CredentialsSinkNode { }
/**
* Holds if there is a method access which converts `bytes` to the string `str`.
*/
private predicate covertsBytesToString(DataFlow::Node bytes, DataFlow::Node str) {
bytes.getType().(Array).getElementType().(PrimitiveType).hasName("byte") and
str.getType() instanceof TypeString and
exists(MethodCall mc | mc = str.asExpr() | bytes.asExpr() = mc.getAnArgument())
}
/**
* A taint-tracking configuration for weak randomness.
*/
@@ -88,8 +79,6 @@ module WeakRandomnessConfig implements DataFlow::ConfigSig {
n1.asExpr() = n2.asExpr().(BinaryExpr).getAnOperand()
or
n1.asExpr() = n2.asExpr().(UnaryExpr).getExpr()
or
covertsBytesToString(n1, n2)
}
}