merge duplicate module into a module file

2026-04-23 07:45:17 +02:00 · 2024-07-31 11:04:03 +02:00
parent 701e3d7e53
commit c6814fcf47
3 changed files with 47 additions and 90 deletions
--- a/java/ql/src/experimental/Security/CWE/CWE-347/Auth0NoVerifier.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-347/Auth0NoVerifier.ql
@@ -12,50 +12,7 @@

 import java
 import semmle.code.java.dataflow.FlowSources
-
-module JwtAuth0 {
-  class PayloadType extends RefType {
-    PayloadType() { this.hasQualifiedName("com.auth0.jwt.interfaces", "Payload") }
-  }
-
-  class JwtType extends RefType {
-    JwtType() { this.hasQualifiedName("com.auth0.jwt", "JWT") }
-  }
-
-  class JwtVerifierType extends RefType {
-    JwtVerifierType() { this.hasQualifiedName("com.auth0.jwt", "JWTVerifier") }
-  }
-
-  /**
-   * A Method that returns a Decoded Claim of JWT
-   */
-  class GetPayload extends MethodCall {
-    GetPayload() {
-      this.getCallee().getDeclaringType() instanceof PayloadType and
-      this.getCallee().hasName(["getClaim", "getIssuedAt"])
-    }
-  }
-
-  /**
-   * A Method that Decode JWT without signature verification
-   */
-  class Decode extends MethodCall {
-    Decode() {
-      this.getCallee().getDeclaringType() instanceof JwtType and
-      this.getCallee().hasName("decode")
-    }
-  }
-
-  /**
-   * A Method that Decode JWT with signature verification
-   */
-  class Verify extends MethodCall {
-    Verify() {
-      this.getCallee().getDeclaringType() instanceof JwtVerifierType and
-      this.getCallee().hasName("verify")
-    }
-  }
-}
+import JwtAuth0 as JwtAuth0

 module JwtDecodeConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) {
--- a/java/ql/src/experimental/Security/CWE/CWE-347/Auth0NoVerifierLocalSource.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-347/Auth0NoVerifierLocalSource.ql
@@ -12,54 +12,11 @@

 import java
 import semmle.code.java.dataflow.FlowSources
+import JwtAuth0 as JwtAuth0

-module JwtAuth0 {
-  class PayloadType extends RefType {
-    PayloadType() { this.hasQualifiedName("com.auth0.jwt.interfaces", "Payload") }
-  }
-
-  class JwtType extends RefType {
-    JwtType() { this.hasQualifiedName("com.auth0.jwt", "JWT") }
-  }
-
-  class JwtVerifierType extends RefType {
-    JwtVerifierType() { this.hasQualifiedName("com.auth0.jwt", "JWTVerifier") }
-  }
-
-  /**
-   * A Method that returns a Decoded Claim of JWT
-   */
-  class GetPayload extends MethodCall {
-    GetPayload() {
-      this.getCallee().getDeclaringType() instanceof PayloadType and
-      this.getCallee().hasName(["getClaim", "getIssuedAt"])
-    }
-  }
-
-  /**
-   * A Method that Decode JWT without signature verification
-   */
-  class Decode extends MethodCall {
-    Decode() {
-      this.getCallee().getDeclaringType() instanceof JwtType and
-      this.getCallee().hasName("decode")
-    }
-  }
-
-  /**
-   * A Method that Decode JWT with signature verification
-   */
-  class Verify extends MethodCall {
-    Verify() {
-      this.getCallee().getDeclaringType() instanceof JwtVerifierType and
-      this.getCallee().hasName("verify")
-    }
-  }
-}

 module JwtDecodeConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) {
-   
    exists(Variable v |
      source.asExpr() = v.getInitializer() and
      v.getType().hasName("String")
@@ -89,11 +46,11 @@ module JwtDecodeConfig implements DataFlow::ConfigSig {
 }

 module FlowToJwtVerifyConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { 
+  predicate isSource(DataFlow::Node source) {
    exists(Variable v |
      source.asExpr() = v.getInitializer() and
      v.getType().hasName("String")
-    ) 
+    )
  }

  predicate isSink(DataFlow::Node sink) { sink.asExpr() = any(JwtAuth0::Verify a).getArgument(0) }
--- a/java/ql/src/experimental/Security/CWE/CWE-347/JwtAuth0.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-347/JwtAuth0.qll
@@ -0,0 +1,43 @@
+import java
+
+class PayloadType extends RefType {
+  PayloadType() { this.hasQualifiedName("com.auth0.jwt.interfaces", "Payload") }
+}
+
+class JwtType extends RefType {
+  JwtType() { this.hasQualifiedName("com.auth0.jwt", "JWT") }
+}
+
+class JwtVerifierType extends RefType {
+  JwtVerifierType() { this.hasQualifiedName("com.auth0.jwt", "JWTVerifier") }
+}
+
+/**
+ * A Method that returns a Decoded Claim of JWT
+ */
+class GetPayload extends MethodCall {
+  GetPayload() {
+    this.getCallee().getDeclaringType() instanceof PayloadType and
+    this.getCallee().hasName(["getClaim", "getIssuedAt"])
+  }
+}
+
+/**
+ * A Method that Decode JWT without signature verification
+ */
+class Decode extends MethodCall {
+  Decode() {
+    this.getCallee().getDeclaringType() instanceof JwtType and
+    this.getCallee().hasName("decode")
+  }
+}
+
+/**
+ * A Method that Decode JWT with signature verification
+ */
+class Verify extends MethodCall {
+  Verify() {
+    this.getCallee().getDeclaringType() instanceof JwtVerifierType and
+    this.getCallee().hasName("verify")
+  }
+}