hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Refactor RandomQuery.qll

Browse Source
This commit is contained in:
Ed Minnix
2023-03-20 16:53:31 -04:00
parent 2698b61514
commit c67b984fff
1 changed files with 9 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
java/ql/lib/semmle/code/java/security/RandomQuery.qll
View File

@@ -2,7 +2,7 @@
import java import java
import semmle.code.java.dataflow.DefUse import semmle.code.java.dataflow.DefUse
import semmle.code.java.dataflow.DataFlow6 import semmle.code.java.dataflow.DataFlow
import RandomDataSource import RandomDataSource
/** /**
@@ -29,20 +29,18 @@ private predicate isSeeded(RValue use) {
) )
} }
private class PredictableSeedFlowConfiguration extends DataFlow6::Configuration { private module PredictableSeedFlowConfig implements DataFlow::ConfigSig {
PredictableSeedFlowConfiguration() { this = "Random::PredictableSeedFlowConfiguration" } predicate isSource(DataFlow::Node source) { source.asExpr() instanceof PredictableSeedExpr }
override predicate isSource(DataFlow6::Node source) { predicate isSink(DataFlow::Node sink) { isSeeding(sink.asExpr(), _) }
source.asExpr() instanceof PredictableSeedExpr
}
override predicate isSink(DataFlow6::Node sink) { isSeeding(sink.asExpr(), _) } predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
override predicate isAdditionalFlowStep(DataFlow6::Node node1, DataFlow6::Node node2) {
predictableCalcStep(node1.asExpr(), node2.asExpr()) predictableCalcStep(node1.asExpr(), node2.asExpr())
} }
} }
private module PredictableSeedFlow = DataFlow::Global<PredictableSeedFlowConfig>;
private predicate predictableCalcStep(Expr e1, Expr e2) { private predicate predictableCalcStep(Expr e1, Expr e2) {
e2.(BinaryExpr).hasOperands(e1, any(PredictableSeedExpr p)) e2.(BinaryExpr).hasOperands(e1, any(PredictableSeedExpr p))
or or
@@ -81,7 +79,7 @@ private predicate predictableCalcStep(Expr e1, Expr e2) {
private predicate safelySeeded(RValue use) { private predicate safelySeeded(RValue use) {
exists(Expr arg | exists(Expr arg |
isSeeding(arg, use) and isSeeding(arg, use) and
not exists(PredictableSeedFlowConfiguration conf | conf.hasFlowToExpr(arg)) not PredictableSeedFlow::flowToExpr(arg)
) )
or or
exists(GetRandomData da, RValue seeduse | exists(GetRandomData da, RValue seeduse |
@@ -118,9 +116,7 @@ private predicate isSeeding(Expr arg, RValue use) {
private predicate isSeedingSource(Expr arg, RValue use, Expr source) { private predicate isSeedingSource(Expr arg, RValue use, Expr source) {
isSeeding(arg, use) and isSeeding(arg, use) and
exists(PredictableSeedFlowConfiguration conf | PredictableSeedFlow::flow(DataFlow::exprNode(source), DataFlow::exprNode(arg))
conf.hasFlow(DataFlow6::exprNode(source), DataFlow6::exprNode(arg))
)
} }
private predicate isRandomSeeding(MethodAccess m, Expr arg) { private predicate isRandomSeeding(MethodAccess m, Expr arg) {