From 79654592d92a5d9532b60affb3f41e1df0485383 Mon Sep 17 00:00:00 2001
From: Chris Smowton
Date: Tue, 8 Feb 2022 10:23:46 +0000
Subject: [PATCH] Apply suggestions from code review

---
 .../TempDirLocalInformationDisclosure.ql | 17 ++++++++++-------
 ...-file-or-directory-information-disclosure.md | 4 ++--
 2 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql b/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql
index b8cc75d37c7..29664ed0ae9 100644
--- a/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql
+++ b/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql
@@ -72,8 +72,8 @@ private class FilesVulnerableCreationMethodAccess extends MethodAccess {
 * We can safely assume that any calls to these methods with explicit `PosixFilePermissions.asFileAttribute`
 * contains a certain level of intentionality behind it.
 */
-private class FilesSanitiznignCreationMethodAccess extends MethodAccess {
- FilesSanitiznignCreationMethodAccess() {
+private class FilesSanitizingCreationMethodAccess extends MethodAccess {
+ FilesSanitizingCreationMethodAccess() {
 exists(Method m |
 m = this.getMethod() and
 m.getDeclaringType().hasQualifiedName("java.nio.file", "Files")
@@ -116,15 +116,18 @@ private class TempDirSystemGetPropertyToCreateConfig extends TaintTracking::Conf
 override predicate isSink(DataFlow::Node sink) { sink instanceof FileCreationSink }
 
 override predicate isSanitizer(DataFlow::Node sanitizer) {
- exists(FilesSanitiznignCreationMethodAccess sanitisingMethodAccess |
+ exists(FilesSanitizingCreationMethodAccess sanitisingMethodAccess |
 sanitizer.asExpr() = sanitisingMethodAccess.getArgument(0)
 )
 }
 }
 
-// Below this, configuration for tracking single-method calls that are vulnerable.
+//
+// Begin configuration for tracking single-method calls that are vulnerable.
+//
+
 /**
- * A MethodAccess against a method that creates a temporary file or directory in a shared temporary directory.
+ * A `MethodAccess` against a method that creates a temporary file or directory in a shared temporary directory.
 */
 abstract class MethodAccessInsecureFileCreation extends MethodAccess {
 /**
@@ -174,7 +177,7 @@ class MethodAccessInsecureGuavaFilesCreateTempFile extends MethodAccessInsecureF
 
 /**
 * This is a hack: we include use of inherently insecure methods, which don't have any associated
- * flow path, in with results describing a path from reading java.io.tmpdir or similar to use
+ * flow path, in with results describing a path from reading `java.io.tmpdir` or similar to use
 * in a file creation op.
 *
 * We achieve this by making inherently-insecure method invocations both a source and a sink in
@@ -182,7 +185,7 @@ class MethodAccessInsecureGuavaFilesCreateTempFile extends MethodAccessInsecureF
 * path-flow results.
 */
 class InsecureMethodPseudoConfiguration extends DataFlow::Configuration {
- InsecureMethodPseudoConfiguration() { this = "InsecureMethodPseudoConfiguration " }
+ InsecureMethodPseudoConfiguration() { this = "InsecureMethodPseudoConfiguration" }
 
 override predicate isSource(DataFlow::Node node) {
 node.asExpr() instanceof MethodAccessInsecureFileCreation
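Review bot: `isSanitizer` in the `-116,15` hunk treats argument 0 of every `FilesSanitizingCreationMethodAccess` as clean, and nothing visible here says which permission sets qualify. The class's doc comment in the first hunk only argues that an explicit `PosixFilePermissions.asFileAttribute` shows intent. The class body continues outside the diff, so if it matches on the attribute's presence alone, a call that grants group or other read access would be suppressed as a false negative. I would record that limit next to the predicate, e.g. `// Any explicit PosixFilePermissions attribute counts as sanitizing; the permission set itself is not inspected.`, after confirming it against the class body. The local could also follow the corrected class spelling: `sanitizingMethodAccess`.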
diff --git a/java/ql/src/change-notes/2022-02-04-local-temp-file-or-directory-information-disclosure.md b/java/ql/src/change-notes/2022-02-04-local-temp-file-or-directory-information-disclosure.md
index 9206d2b60ea..8112470d2b3 100644
--- a/java/ql/src/change-notes/2022-02-04-local-temp-file-or-directory-information-disclosure.md
+++ b/java/ql/src/change-notes/2022-02-04-local-temp-file-or-directory-information-disclosure.md
@@ -1,6 +1,6 @@
 ---
 category: newQuery
 ---
-* Two new querys both titled "Temporary directory Local information disclosure" (`java/local-temp-file-or-directory-information-disclosure-path`, `java/local-temp-file-or-directory-information-disclosure-method`) have been added.
- These queries find uses of APIs that leak potentially sensitive information to other local users via the system temporary directory.
+* A new query titled "Temporary directory Local information disclosure" (`java/local-temp-file-or-directory-information-disclosure`) has been added.
+ This query finds uses of APIs that leak potentially sensitive information to other local users via the system temporary directory.
 This query was originally [submitted as query by @JLLeitschuh](https://github.com/github/codeql/pull/4388).
\ No newline at end of file