Java: Convert other sinks

2026-06-18 19:31:11 +02:00 · 2021-03-31 10:21:12 +02:00
parent 3e53484bb3
commit 87d42b02c0
17 changed files with 303 additions and 355 deletions
--- a/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql
+++ b/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql
@@ -16,6 +16,7 @@ import java
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.security.XSS
+private import semmle.code.java.dataflow.ExternalFlow

 /**
 * One of the `printStackTrace()` overloads on `Throwable`.
@@ -37,10 +38,12 @@ class ServletWriterSourceToPrintStackTraceMethodFlowConfig extends TaintTracking

  override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ServletWriterSource }

-  override predicate isSink(DataFlow::Node sink) {
-    exists(MethodAccess ma |
-      sink.asExpr() = ma.getAnArgument() and ma.getMethod() instanceof PrintStackTraceMethod
-    )
+  override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "print-stack-trace") }
+}
+
+private class PrintStackTraceSinkModel extends SinkModelCsv {
+  override predicate row(string row) {
+    row = ["java.lang;Throwable;true;printStackTrace;;;Argument;print-stack-trace"]
  }
 }