Swift: Rewrite CleartextTransmission to use DataFlow::ConfigSig

Jeroen Ketema
2023-04-03 16:44:41 +02:00
parent e8bfb87f67
commit 97575807df
2 changed files with 33 additions and 4 deletions


@@ -13,7 +13,7 @@ import codeql.swift.security.CleartextTransmissionExtensions
* A taint configuration from sensitive information to expressions that are
* transmitted over a network.
*/
class CleartextTransmissionConfig extends TaintTracking::Configuration {
deprecated class CleartextTransmissionConfig extends TaintTracking::Configuration {
CleartextTransmissionConfig() { this = "CleartextTransmissionConfig" }
override predicate isSource(DataFlow::Node node) { node.asExpr() instanceof SensitiveExpr }
@@ -33,3 +33,32 @@ class CleartextTransmissionConfig extends TaintTracking::Configuration {
isSource(node)
}
}
/**
* A taint configuration from sensitive information to expressions that are
* transmitted over a network.
*/
module CleartextTransmissionConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) { node.asExpr() instanceof SensitiveExpr }
predicate isSink(DataFlow::Node node) { node instanceof CleartextTransmissionSink }
predicate isBarrier(DataFlow::Node sanitizer) {
sanitizer instanceof CleartextTransmissionSanitizer
}
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(CleartextTransmissionAdditionalTaintStep s).step(nodeFrom, nodeTo)
}
predicate isBarrierIn(DataFlow::Node node) {
// make sources barriers so that we only report the closest instance
isSource(node)
}
}
/**
* Detect taint flow of sensitive information to expressions that are transmitted over
* a network.
*/
module CleartextTransmissionFlow = TaintTracking::Global<CleartextTransmissionConfig>;
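Review bot: The QLDoc above the class that is now marked `deprecated` still reads as the canonical description, and the new module carries the identical text, so a reader cannot tell from the docs which one to use. CodeQL's convention is to open the deprecated declaration's doc with a pointer to the replacement, e.g. `* DEPRECATED: Use `CleartextTransmissionFlow` instead.` as the first line of that comment. The deprecated class's body continues outside the first hunk and the second hunk begins inside it, so the old `isSink`/`isSanitizer` overrides are not visible here. The inline comment on `isBarrierIn` ("only report the closest instance") explains the intent well; consider promoting it to a `/** ... */` QLDoc on the predicate so it surfaces in generated API documentation.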


@@ -14,10 +14,10 @@
import swift
import codeql.swift.dataflow.DataFlow
import codeql.swift.security.CleartextTransmissionQuery
import DataFlow::PathGraph
import CleartextTransmissionFlow::PathGraph
from CleartextTransmissionConfig config, DataFlow::PathNode sourceNode, DataFlow::PathNode sinkNode
where config.hasFlowPath(sourceNode, sinkNode)
from CleartextTransmissionFlow::PathNode sourceNode, CleartextTransmissionFlow::PathNode sinkNode
where CleartextTransmissionFlow::flowPath(sourceNode, sinkNode)
select sinkNode.getNode(), sourceNode, sinkNode,
"This operation transmits '" + sinkNode.getNode().toString() +
"', which may contain unencrypted sensitive data from $@.", sourceNode,
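Review bot: With `DataFlow::PathNode` and `DataFlow::PathGraph` removed from the `from` and `import` lines, `import codeql.swift.dataflow.DataFlow` is no longer referenced by anything visible in this hunk; if the rest of the query (the `select` continues past the hunk) does not use `DataFlow::` either, the import can be dropped so the query's dependencies reflect what it actually uses. The replacement `CleartextTransmissionFlow::flowPath(sourceNode, sinkNode)` and the `CleartextTransmissionFlow::PathGraph` import are consistent with the module alias introduced in the library file.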