Update JHipster CodeQL query from code review

This commit is contained in:
Jonathan Leitschuh
2020-10-01 15:38:56 -04:00
parent 17603c8091
commit ab3772eaeb
2 changed files with 19 additions and 17 deletions


@@ -14,20 +14,23 @@ import semmle.code.java.frameworks.apache.Lang
private class PredictableApacheRandomStringUtilsMethod extends Method {
PredictableApacheRandomStringUtilsMethod() {
this.getDeclaringType() instanceof TypeApacheRandomStringUtils
this.getDeclaringType() instanceof TypeApacheRandomStringUtils and
// The one valid use of this type that uses SecureRandom as a source of data.
not this.getName() = "random"
}
}
private class PredictableApacheRandomStringUtilsMethodAccess extends MethodAccess {
PredictableApacheRandomStringUtilsMethodAccess() {
this.getMethod() instanceof PredictableApacheRandomStringUtilsMethod and
// The one valid use of this type that uses SecureRandom as a source of data.
not this.getMethod().getName() = "random"
this.getMethod() instanceof PredictableApacheRandomStringUtilsMethod
}
}
private class VulnerableJHipsterRandomUtilClass extends Class {
VulnerableJHipsterRandomUtilClass() { getName() = "RandomUtil" }
VulnerableJHipsterRandomUtilClass() {
// The package name that JHipster generated the 'RandomUtil' class in was dynamic. Thus 'hasQualifiedName' can not be used here.
getName() = "RandomUtil"
}
}
private class VulnerableJHipsterRandomUtilMethod extends Method {
@@ -35,14 +38,13 @@ private class VulnerableJHipsterRandomUtilMethod extends Method {
this.getDeclaringType() instanceof VulnerableJHipsterRandomUtilClass and
this.getName().matches("generate%") and
this.getReturnType() instanceof TypeString and
exists(ReturnStmt s, PredictableApacheRandomStringUtilsMethodAccess access |
s = this.getBody().(SingletonBlock).getStmt()
|
s.getResult() = access
exists(ReturnStmt s |
s = this.getBody().(SingletonBlock).getStmt() and
s.getResult() instanceof PredictableApacheRandomStringUtilsMethodAccess
)
}
}
from VulnerableJHipsterRandomUtilMethod the_method
select the_method,
"RandomUtil was generated by JHipster Generator version vulnerable to CVE-2019-16303"
from VulnerableJHipsterRandomUtilMethod method
select method,
"Weak random number generator used in security sensitive method (JHipster CVE-2019-16303)."
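Review bot: In the first hunk, the exclusion `not this.getName() = "random"` in PredictableApacheRandomStringUtilsMethod is broader than the comment above it describes: only the `random(...)` overload that takes a `java.util.Random` argument lets the caller pass a SecureRandom, whereas the shorter overloads such as `random(int)` — as far as I recall the Commons Lang API — fall back to the shared `java.util.Random` and are as predictable as `randomAlphanumeric`. Consider narrowing the exclusion to the overload with a Random parameter, e.g. `not (this.getName() = "random" and this.getAParamType().(RefType).hasQualifiedName("java.util", "Random"))`, and rewording the comment to say that only that overload is exempt. This keeps the rest of the query (including the `from`/`select` in the second hunk) unchanged while avoiding a false negative on a generated `RandomUtil` whose `generate*` method returns `RandomStringUtils.random(n)`.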