hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: Deprecate StringLiteral.getRepresentedString()

Browse Source
This commit is contained in:
Marcono1234
2021-10-29 14:50:15 +02:00
parent 3a1836c9f6
commit bfb9577d15
27 changed files with 104 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
View File

@@ -17,14 +17,14 @@ import DataFlow
import PathGraph
private class ShortStringLiteral extends StringLiteral {
ShortStringLiteral() { getRepresentedString().length() < 100 }
ShortStringLiteral() { getValue().length() < 100 }
}
class BrokenAlgoLiteral extends ShortStringLiteral {
BrokenAlgoLiteral() {
getRepresentedString().regexpMatch(getInsecureAlgorithmRegex()) and
getValue().regexpMatch(getInsecureAlgorithmRegex()) and
// Exclude German and French sentences.
not getRepresentedString().regexpMatch(".*\\p{IsLowercase} des \\p{IsLetter}.*")
not getValue().regexpMatch(".*\\p{IsLowercase} des \\p{IsLetter}.*")
}
}
@@ -48,4 +48,4 @@ where
source.getNode().asExpr() = s and
conf.hasFlowPath(source, sink)
select c, source, sink, "Cryptographic algorithm $@ is weak and should not be used.", s,
s.getRepresentedString()
s.getValue()

8
java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql
View File

@@ -18,14 +18,14 @@ import semmle.code.java.dispatch.VirtualDispatch
import PathGraph
private class ShortStringLiteral extends StringLiteral {
ShortStringLiteral() { getRepresentedString().length() < 100 }
ShortStringLiteral() { getValue().length() < 100 }
}
class InsecureAlgoLiteral extends ShortStringLiteral {
InsecureAlgoLiteral() {
// Algorithm identifiers should be at least two characters.
getRepresentedString().length() > 1 and
exists(string s | s = getRepresentedString() |
getValue().length() > 1 and
exists(string s | s = getValue() |
not s.regexpMatch(getSecureAlgorithmRegex()) and
// Exclude results covered by another query.
not s.regexpMatch(getInsecureAlgorithmRegex())
@@ -72,4 +72,4 @@ where
conf.hasFlowPath(source, sink)
select c, source, sink,
"Cryptographic algorithm $@ may not be secure, consider using a different algorithm.", s,
s.getRepresentedString()
s.getValue()

2
java/ql/src/Security/CWE/CWE-798/HardcodedCredentials.qll
View File

@@ -31,7 +31,7 @@ private class HardcodedCharArray extends ArrayCreationExpr {
*/
class HardcodedExpr extends Expr {
HardcodedExpr() {
this.(StringLiteral).getRepresentedString() != "" or
this.(StringLiteral).getValue() != "" or
this instanceof HardcodedByteArray or
this instanceof HardcodedCharArray
}