hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add some type-based sanitizers to SensitiveInfoLog.ql.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2022-08-17 14:54:28 +02:00
parent 6e495ba6e5
commit c3ba632a32
1 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
View File

@@ -17,6 +17,14 @@ class CredentialExpr extends Expr {
}
}
/** An instantiation of a (reflexive, transitive) subtype of `java.lang.reflect.Type`. */
private class TypeType extends RefType {
pragma[nomagic]
TypeType() {
this.getSourceDeclaration().getASourceSupertype*().hasQualifiedName("java.lang.reflect", "Type")
}
}
/** A data-flow configuration for identifying potentially-sensitive data flowing to a log output. */
class SensitiveLoggerConfiguration extends TaintTracking::Configuration {
SensitiveLoggerConfiguration() { this = "SensitiveLoggerConfiguration" }
@@ -26,7 +34,11 @@ class SensitiveLoggerConfiguration extends TaintTracking::Configuration {
override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "logging") }
override predicate isSanitizer(DataFlow::Node sanitizer) {
sanitizer.asExpr() instanceof LiveLiteral
sanitizer.asExpr() instanceof LiveLiteral or
sanitizer.getType() instanceof PrimitiveType or
sanitizer.getType() instanceof BoxedType or
sanitizer.getType() instanceof NumberType or
sanitizer.getType() instanceof TypeType
}
override predicate isSanitizerIn(Node node) { isSource(node) }