hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: Introduce a class of dataflow nodes for the threat modeling.

Browse Source
This commit is contained in:
Michael Nebel
2023-09-19 14:13:33 +02:00
parent 2684a22484
commit 9a112dde66
4 changed files with 32 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/lib/semmle/code/java/dataflow/ExternalFlowConfiguration.qll
View File

@@ -26,6 +26,6 @@ private string getChildThreatModel(string group) { threatModelGrouping(result, g
* Holds if the source model kind `kind` is relevant for generic queries * Holds if the source model kind `kind` is relevant for generic queries
* under the current threat model configuration. * under the current threat model configuration.
*/ */
predicate sourceModelKindConfig(string kind) { predicate currentThreatModel(string kind) {
exists(string group | supportedThreatModels(group) and kind = getChildThreatModel*(group)) exists(string group | supportedThreatModels(group) and kind = getChildThreatModel*(group))
} }

29
java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
View File

@@ -29,6 +29,35 @@ import semmle.code.java.frameworks.struts.StrutsActions
import semmle.code.java.frameworks.Thrift import semmle.code.java.frameworks.Thrift
import semmle.code.java.frameworks.javaee.jsf.JSFRenderer import semmle.code.java.frameworks.javaee.jsf.JSFRenderer
private import semmle.code.java.dataflow.ExternalFlow private import semmle.code.java.dataflow.ExternalFlow
private import semmle.code.java.dataflow.ExternalFlowConfiguration
/**
* A data flow source.
*/
abstract class SourceNode extends DataFlow::Node {
/**
* Gets a string that represents the source kind with respect to threat modeling.
*/
abstract string getThreatModel();
}
/**
* A class of data flow sources that respects the
* current threat model configuration.
*/
class ThreatModelFlowSource extends DataFlow::Node {
ThreatModelFlowSource() {
// Expansive threat model.
currentThreatModel("all") and
(this instanceof SourceNode or sourceNode(this, _))
or
exists(string kind |
// Specific threat model.
currentThreatModel(kind) and
(this.(SourceNode).getThreatModel() = kind or sourceNode(this, kind))
)
}
}
/** A data flow source of remote user input. */ /** A data flow source of remote user input. */
abstract class RemoteFlowSource extends DataFlow::Node { abstract class RemoteFlowSource extends DataFlow::Node {

2
java/ql/test/library-tests/dataflow/threat-models/threat-models1.ql
View File

@@ -1,5 +1,5 @@
import semmle.code.java.dataflow.ExternalFlowConfiguration as ExternalFlowConfiguration import semmle.code.java.dataflow.ExternalFlowConfiguration as ExternalFlowConfiguration
query predicate supportedThreatModels(string kind) { query predicate supportedThreatModels(string kind) {
ExternalFlowConfiguration::sourceModelKindConfig(kind) ExternalFlowConfiguration::currentThreatModel(kind)
} }

2
java/ql/test/library-tests/dataflow/threat-models/threat-models2.ql
View File

@@ -1,5 +1,5 @@
import semmle.code.java.dataflow.ExternalFlowConfiguration as ExternalFlowConfiguration import semmle.code.java.dataflow.ExternalFlowConfiguration as ExternalFlowConfiguration
query predicate supportedThreatModels(string kind) { query predicate supportedThreatModels(string kind) {
ExternalFlowConfiguration::sourceModelKindConfig(kind) ExternalFlowConfiguration::currentThreatModel(kind)
} }