hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-23 15:55:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Fix FP in UseSSL.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2018-12-04 17:44:05 +01:00
parent ca72c8ebfe
commit d3fcfb0957
4 changed files with 23 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
java/ql/src/Security/CWE/CWE-319/UseSSL.ql
View File

@@ -10,6 +10,7 @@
*/
import java
import semmle.code.java.dataflow.TypeFlow
import semmle.code.java.security.Encryption
class URLConnection extends RefType {
@@ -27,11 +28,15 @@ from MethodAccess m, Class c, string type
where
m.getQualifier().getType() = c and
(
(c instanceof URLConnection and type = "connection")
c instanceof URLConnection and type = "connection"
or
(c instanceof Socket and type = "socket")
c instanceof Socket and type = "socket"
) and
not c instanceof SSLClass and
not exists(RefType t |
exprTypeFlow(m.getQualifier(), t, _) and
t instanceof SSLClass
) and
(
m.getMethod().getName() = "getInputStream" or
m.getMethod().getName() = "getOutputStream"