limit additional flow steps in rb/hardcoded-credentials to string concatenation

This commit is contained in:
Alex Ford
2021-06-10 14:59:28 +01:00
parent fe45dadd55
commit 8839d4c584


@@ -136,13 +136,14 @@ class HardcodedCredentialsConfiguration extends DataFlow::Configuration {
override predicate isSink(DataFlow::Node sink) { sink instanceof CredentialSink }
override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
// e.g. string concatenation
exists(ExprNodes::BinaryOperationCfgNode binop |
(
binop.getLeftOperand() = node1.asExpr() or
binop.getRightOperand() = node1.asExpr()
) and
binop = node2.asExpr()
binop = node2.asExpr() and
// string concatenation
binop.getExpr() instanceof AddExpr
)
}
}
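Review bot: The comment on the predicate's first line, `// e.g. string concatenation`, is now stale, because after this change the additional step is exactly a `+` binary operation rather than one example among several; it should read `// only `+` operations (string concatenation)` so the next reader does not assume other operators are still followed. Note also that `binop.getExpr() instanceof AddExpr` selects on the operator, not on operand types, so numeric `+` remains a step while other string-building binary operators the previous any-operation version covered, such as `<<` appends, are no longer followed; that looks intentional to cut noise, but a short comment recording the trade-off would help whoever later wonders why a credential built with `<<` is missed. The class header `HardcodedCredentialsConfiguration` sits in the hunk header, so the rest of the configuration is outside this view.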