Java: Identify more APIs as supported in the telemetry queries (as QL defined sources).

2026-03-04 06:36:46 +01:00 · 2024-04-22 11:21:13 +02:00
parent 06f987ad58
commit acb2bbb2a3
11 changed files with 143 additions and 23 deletions
--- a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll
@@ -79,8 +79,15 @@ private class CloseFileMethod extends Method {
  }
 }

+/**
+ * A class of local file open call source nodes.
+ */
+class LocalFileOpenCallSource extends DataFlow::Node {
+  LocalFileOpenCallSource() { this.asExpr() instanceof LocalFileOpenCall }
+}
+
 private module FilesystemFlowConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node src) { src.asExpr() instanceof LocalFileOpenCall }
+  predicate isSource(DataFlow::Node src) { src instanceof LocalFileOpenCallSource }

  predicate isSink(DataFlow::Node sink) {
    filesystemInput(sink, _) or