hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 04:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add support for implicit field read flows

Browse Source
This commit is contained in:
Tony Torralba
2021-10-05 16:42:25 +02:00
parent e58a8587db
commit 7f85dae63b
2 changed files with 29 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
java/ql/lib/semmle/code/java/security/ImplicitPendingIntentsQuery.qll
View File

@@ -23,10 +23,19 @@ class ImplicitPendingIntentStartConf extends TaintTracking::Configuration {
sanitizer instanceof ExplicitIntentSanitizer
}
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
exists(Field f |
f.getType() instanceof PendingIntent and
node1.(DataFlow::PostUpdateNode).getPreUpdateNode() =
DataFlow::getFieldQualifier(f.getAnAccess().(FieldWrite)) and
node2.asExpr().(FieldRead).getField() = f
)
}
override predicate allowImplicitRead(DataFlow::Node node, DataFlow::Content c) {
super.allowImplicitRead(node, c)
or
this.isSink(node)
super.allowImplicitRead(node, c) or
this.isSink(node) or
this.isAdditionalTaintStep(node, _)
}
}