Refactor AndroidCertificatePinningQuery

Ed Minnix
2023-03-16 21:52:40 -04:00
parent 768102ee92
commit 807588a031


@@ -106,10 +106,8 @@ private class MissingPinningSink extends DataFlow::Node {
}
/** Configuration for finding uses of non trusted URLs. */
private class UntrustedUrlConfig extends TaintTracking::Configuration {
UntrustedUrlConfig() { this = "UntrustedUrlConfig" }
override predicate isSource(DataFlow::Node node) {
private module UntrustedUrlConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) {
trustedDomain(_) and
exists(string lit | lit = node.asExpr().(CompileTimeConstantExpr).getStringValue() |
lit.matches("%://%") and // it's a URL
@@ -117,9 +115,11 @@ private class UntrustedUrlConfig extends TaintTracking::Configuration {
)
}
override predicate isSink(DataFlow::Node node) { node instanceof MissingPinningSink }
predicate isSink(DataFlow::Node node) { node instanceof MissingPinningSink }
}
private module UntrustedUrlFlow = TaintTracking::Make<UntrustedUrlConfig>;
/** Holds if `node` is a network communication call for which certificate pinning is not implemented. */
predicate missingPinning(DataFlow::Node node, string domain) {
isAndroid() and
@@ -127,8 +127,8 @@ predicate missingPinning(DataFlow::Node node, string domain) {
(
not trustedDomain(_) and domain = ""
or
exists(UntrustedUrlConfig conf, DataFlow::Node src |
conf.hasFlow(src, node) and
exists(DataFlow::Node src |
UntrustedUrlFlow::hasFlow(src, node) and
domain = getDomain(src.asExpr())
)
)
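Review bot: The new alias `private module UntrustedUrlFlow = TaintTracking::Make<UntrustedUrlConfig>;` is added without a QLDoc comment, even though `missingPinning` now reaches the flow only through it, as in `UntrustedUrlFlow::hasFlow(src, node)`. I would add `/** Tracks taint from URL string literals to sinks that are missing certificate pinning. */` above the alias. Because this flow decides which network calls are reported with a domain, the refactor should be confirmed result-neutral against the query's existing test expectations; nothing visible on this page shows that. If the CodeQL library version in use already provides `TaintTracking::Global` and `flow`, those names are preferable, since `Make` and `hasFlow` were deprecated in later releases. The bodies of `isSource` and `missingPinning` continue outside the visible hunks.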