Swift: Use DataFlow::ConfigSig in HardcodedEncryptionKey.ql

Jeroen Ketema
2023-03-28 17:37:05 +02:00
parent 1592b578d9
commit cc23ba3698


@@ -13,7 +13,7 @@
import swift
import codeql.swift.dataflow.DataFlow
import codeql.swift.dataflow.TaintTracking
import DataFlow::PathGraph
import HardcodedKeyFlow::PathGraph
/**
* An `Expr` that is used to initialize a key.
@@ -62,17 +62,17 @@ class EncryptionKeySink extends Expr {
* A taint configuration from the key source to expressions that use
* it to initialize a cipher.
*/
class HardcodedKeyConfig extends TaintTracking::Configuration {
HardcodedKeyConfig() { this = "HardcodedKeyConfig" }
module HardcodedKeyConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) { node.asExpr() instanceof KeySource }
override predicate isSource(DataFlow::Node node) { node.asExpr() instanceof KeySource }
override predicate isSink(DataFlow::Node node) { node.asExpr() instanceof EncryptionKeySink }
predicate isSink(DataFlow::Node node) { node.asExpr() instanceof EncryptionKeySink }
}
module HardcodedKeyFlow = TaintTracking::Global<HardcodedKeyConfig>;
// The query itself
from HardcodedKeyConfig config, DataFlow::PathNode sourceNode, DataFlow::PathNode sinkNode
where config.hasFlowPath(sourceNode, sinkNode)
from HardcodedKeyFlow::PathNode sourceNode, HardcodedKeyFlow::PathNode sinkNode
where HardcodedKeyFlow::flowPath(sourceNode, sinkNode)
select sinkNode.getNode(), sourceNode, sinkNode,
"The key '" + sinkNode.getNode().toString() +
"' has been initialized with hard-coded values from $@.", sourceNode,
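Review bot: The QLDoc kept above `HardcodedKeyConfig` still calls it "a taint configuration", but the module now only implements `DataFlow::ConfigSig`. Taint semantics come solely from the new `module HardcodedKeyFlow = TaintTracking::Global<HardcodedKeyConfig>;` line, which has no doc comment. I would reword the existing comment to describe the source/sink definition and add `/** Global taint tracking from hard-coded key sources to encryption key sinks. */` above `HardcodedKeyFlow`. That records why taint tracking is used, so a later edit does not swap in `DataFlow::Global` and silently lose flows where the hard-coded value is transformed before reaching the key sink. The changed-line markers are lost on this page, so this assumes the `module`/`predicate` lines without `override` are the new side.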