hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Use more precise control flow logic

Browse Source
This commit is contained in:
Joe Farebrother
2022-07-26 16:29:49 +01:00
parent e9f9e681ef
commit dd83c17144
1 changed files with 3 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
java/ql/lib/semmle/code/java/security/AndroidWebViewCertificateValidationQuery.qll
View File

@@ -14,13 +14,6 @@ class OnReceivedSslErrorMethod extends Method {
Parameter handlerArg() { result = this.getParameter(1) }
}
/** A call to `SslErrorHandler.cancel` */
private class SslCancelCall extends MethodAccess {
SslCancelCall() {
this.getMethod().hasQualifiedName("android.webkit", "SslErrorHandler", "cancel")
}
}
/** A call to `SslErrorHandler.proceed` */
private class SslProceedCall extends MethodAccess {
SslProceedCall() {
@@ -30,6 +23,7 @@ private class SslProceedCall extends MethodAccess {
/** Holds if `m` trusts all certificates by calling `SslErrorHandler.proceed` unconditionally. */
predicate trustsAllCerts(OnReceivedSslErrorMethod m) {
exists(SslProceedCall pr | pr.getQualifier().(VarAccess).getVariable() = m.handlerArg()) and
not exists(SslCancelCall ca | ca.getQualifier().(VarAccess).getVariable() = m.handlerArg())
exists(SslProceedCall pr | pr.getQualifier().(VarAccess).getVariable() = m.handlerArg() |
pr.getBasicBlock().bbPostDominates(m.getBody().getBasicBlock())
)
}