From 807588a031ff065fbd0335666a7f4699ba4612f2 Mon Sep 17 00:00:00 2001
From: Ed Minnix
Date: Thu, 16 Mar 2023 21:52:40 -0400
Subject: [PATCH] Refactor AndroidCertificatePinningQuery

---
 .../security/AndroidCertificatePinningQuery.qll | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
index 70dc1a7a328..cd8ccdf6758 100644
--- a/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll
@@ -106,10 +106,8 @@ private class MissingPinningSink extends DataFlow::Node {
 }

 /** Configuration for finding uses of non trusted URLs. */
-private class UntrustedUrlConfig extends TaintTracking::Configuration {
- UntrustedUrlConfig() { this = "UntrustedUrlConfig" }
-
- override predicate isSource(DataFlow::Node node) {
+private module UntrustedUrlConfig implements DataFlow::ConfigSig {
+ predicate isSource(DataFlow::Node node) {
 trustedDomain(_) and
 exists(string lit | lit = node.asExpr().(CompileTimeConstantExpr).getStringValue() |
 lit.matches("%://%") and // it's a URL
@@ -117,9 +115,11 @@ private class UntrustedUrlConfig extends TaintTracking::Configuration {
 )
 }

- override predicate isSink(DataFlow::Node node) { node instanceof MissingPinningSink }
+ predicate isSink(DataFlow::Node node) { node instanceof MissingPinningSink }
 }

+private module UntrustedUrlFlow = TaintTracking::Make;
+
 /** Holds if `node` is a network communication call for which certificate pinning is not implemented. */
 predicate missingPinning(DataFlow::Node node, string domain) {
 isAndroid() and
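Review bot: The QLDoc kept above `UntrustedUrlConfig` ("Configuration for finding uses of non trusted URLs.") does not say how narrow the source definition is: `isSource` in the first hunk only accepts compile-time constant strings matching `%://%`. Read together with the third hunk, where `missingPinning` requires `UntrustedUrlFlow::hasFlow(src, node)` whenever `trustedDomain(_)` holds, a request whose URL never passes through such a literal (one read entirely from configuration, say) would presumably go unreported once any trusted domain is declared. I would state that limit on the module, for example `/** Taint configuration whose sources are constant strings containing "://"; URLs with no such literal are not modelled. */`. The body of `isSource` continues past the end of the hunk, so its remaining condition is not visible here.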
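Review bot: As shown on this page, `private module UntrustedUrlFlow = TaintTracking::Make;` in the second hunk instantiates the parameterised module without a configuration argument, so nothing ties the flow to `UntrustedUrlConfig`. The line needs the module argument, `private module UntrustedUrlFlow = TaintTracking::Make<UntrustedUrlConfig>;`. The angle-bracket part may simply have been lost when the patch was rendered, so check it against the file. A one-line QLDoc such as `/** Taint flow from URL literals to calls that lack certificate pinning. */` would also help, since `missingPinning` now refers to the module by name only.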
@@ -127,8 +127,8 @@ predicate missingPinning(DataFlow::Node node, string domain) {
 (
 not trustedDomain(_) and domain = ""
 or
- exists(UntrustedUrlConfig conf, DataFlow::Node src |
- conf.hasFlow(src, node) and
+ exists(DataFlow::Node src |
+ UntrustedUrlFlow::hasFlow(src, node) and
 domain = getDomain(src.asExpr())
 )
 )