hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-11 09:49:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Split up hardcoded creds queries, ready for conversion to inline expectations

Browse Source
This commit is contained in:
Chris Smowton
2022-05-30 21:06:45 +01:00
parent 0a6ccbca45
commit ddb0846e06
10 changed files with 150 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
java/ql/lib/semmle/code/java/security/HardcodedCredentialsComparison.qll Normal file
View File

@@ -0,0 +1,25 @@
/**
* Provides classes and predicates to detect comparing a parameter to a hard-coded credential.
*/
import HardcodedCredentials
/**
* A call to a method that is or overrides `java.lang.Object.equals`.
*/
class EqualsAccess extends MethodAccess {
EqualsAccess() { getMethod() instanceof EqualsMethod }
}
/**
* Holds if `sink` compares password `p` against a hardcoded expression `source`.
*/
predicate isHardcodedCredentialsComparison(
EqualsAccess sink, HardcodedExpr source, PasswordVariable p
) {
source = sink.getQualifier() and
p.getAnAccess() = sink.getArgument(0)
or
source = sink.getArgument(0) and
p.getAnAccess() = sink.getQualifier()
}