hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 15:16:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Convert trust boundary models to MaD

Browse Source
This commit is contained in:
Ed Minnix
2023-06-08 10:54:07 -04:00
parent 76438f13b6
commit a8b7e70d01
5 changed files with 31 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll
View File

@@ -7,11 +7,21 @@ private import semmle.code.java.dataflow.FlowSources
private import semmle.code.java.frameworks.Servlets
class TrustBoundaryViolationSource extends DataFlow::Node {
TrustBoundaryViolationSource() {
this instanceof RemoteFlowSource and this.asExpr().getType() instanceof HttpServletRequest
}
TrustBoundaryViolationSource() { this.asExpr().getType() instanceof HttpServletRequest }
}
class TrustBoundaryViolationSink extends DataFlow::Node {
TrustBoundaryViolationSink() { sinkNode(this, "trust-boundary") }
}
module TrustBoundaryConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof TrustBoundaryViolationSource }
predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
n2.asExpr().(MethodAccess).getQualifier() = n1.asExpr()
}
predicate isSink(DataFlow::Node sink) { sink instanceof TrustBoundaryViolationSink }
}
module TrustBoundaryFlow = TaintTracking::Global<TrustBoundaryConfig>;