hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Insecure-TLS: Use DataFlow::Node::getRoot, and factor getEnclosingFunction

Browse Source
This commit is contained in:
Chris Smowton
2020-07-28 11:55:03 +01:00
parent 2751552cbe
commit 9b4e189374
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ql/src/experimental/CWE-327/InsecureTLS.ql
View File

@@ -239,8 +239,8 @@ where
// Exclude sources or sinks that occur lexically within a block related to a feature or legacy flag
not astNodeIsFlag([source, sink].getNode().asExpr().getParent*(), [featureFlag(), legacyFlag()]) and
// Exclude results in functions whose name documents insecurity
not exists(FuncDef fn | fn = sink.getNode().asInstruction().getRoot() |
isFeatureFlagName(fn.getEnclosingFunction*().getName()) or
isLegacyFlagName(fn.getEnclosingFunction*().getName())
not exists(FuncDef fn | fn = sink.getNode().getRoot().getEnclosingFunction*() |
isFeatureFlagName(fn.getName()) or
isLegacyFlagName(fn.getName())
)
select sink.getNode(), source, sink, message