hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Refactor RandomQuery.qll

Browse Source
This commit is contained in:
Ed Minnix
2023-03-20 16:53:31 -04:00
parent 2698b61514
commit c67b984fff
1 changed files with 9 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
java/ql/lib/semmle/code/java/security/RandomQuery.qll
View File

@@ -2,7 +2,7 @@
import java
import semmle.code.java.dataflow.DefUse
import semmle.code.java.dataflow.DataFlow6
import semmle.code.java.dataflow.DataFlow
import RandomDataSource
/**
@@ -29,20 +29,18 @@ private predicate isSeeded(RValue use) {
)
}
private class PredictableSeedFlowConfiguration extends DataFlow6::Configuration {
PredictableSeedFlowConfiguration() { this = "Random::PredictableSeedFlowConfiguration" }
private module PredictableSeedFlowConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source.asExpr() instanceof PredictableSeedExpr }
override predicate isSource(DataFlow6::Node source) {
source.asExpr() instanceof PredictableSeedExpr
}
predicate isSink(DataFlow::Node sink) { isSeeding(sink.asExpr(), _) }
override predicate isSink(DataFlow6::Node sink) { isSeeding(sink.asExpr(), _) }
override predicate isAdditionalFlowStep(DataFlow6::Node node1, DataFlow6::Node node2) {
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
predictableCalcStep(node1.asExpr(), node2.asExpr())
}
}
private module PredictableSeedFlow = DataFlow::Global<PredictableSeedFlowConfig>;
private predicate predictableCalcStep(Expr e1, Expr e2) {
e2.(BinaryExpr).hasOperands(e1, any(PredictableSeedExpr p))
or
@@ -81,7 +79,7 @@ private predicate predictableCalcStep(Expr e1, Expr e2) {
private predicate safelySeeded(RValue use) {
exists(Expr arg |
isSeeding(arg, use) and
not exists(PredictableSeedFlowConfiguration conf | conf.hasFlowToExpr(arg))
not PredictableSeedFlow::flowToExpr(arg)
)
or
exists(GetRandomData da, RValue seeduse |
@@ -118,9 +116,7 @@ private predicate isSeeding(Expr arg, RValue use) {
private predicate isSeedingSource(Expr arg, RValue use, Expr source) {
isSeeding(arg, use) and
exists(PredictableSeedFlowConfiguration conf |
conf.hasFlow(DataFlow6::exprNode(source), DataFlow6::exprNode(arg))
)
PredictableSeedFlow::flow(DataFlow::exprNode(source), DataFlow::exprNode(arg))
}
private predicate isRandomSeeding(MethodAccess m, Expr arg) {