Apply suggestions from code review
- Update CleartextStorage library to latest refactor - Move change note to new location
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
* The query "Cleartext storage of sensitive information using `SharedPreferences` on Android" (`java/android/cleartext-storage-shared-prefs`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/4675).
|
||||
@@ -45,7 +45,7 @@ class SharedPreferencesEditorMethodAccess extends Storable, MethodAccess {
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `input` is not encrypted and is the second argument of a setter method
|
||||
* Holds if `input` is the second argument of a setter method
|
||||
* called on `editor`, which is an instance of `SharedPreferences$Editor`
|
||||
* .
|
||||
*/
|
||||
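Review bot: The reworded doc comment for `sharedPreferencesInput` drops "is not encrypted" without saying where encrypted values are now excluded, and it still ends with a stray ` * .` line. The following hunks remove the `EncryptedValueFlowConfig` check from the predicate body and delete the configuration itself, so the exclusion presumably now lives in the refactored CleartextStorage library; that is not visible from this page and should be confirmed. I would fold the period into the previous line and add a sentence such as `* This predicate does not filter out encrypted values; callers must do so.` Because this commit also promotes the query to the default pack, a test that stores the result of an `encrypt`/`hash` call in `SharedPreferences` would guard against new false positives. The predicate body lies outside this hunk.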
@@ -53,7 +53,6 @@ private predicate sharedPreferencesInput(DataFlow::Node editor, Expr input) {
|
||||
exists(MethodAccess m |
|
||||
m.getMethod() instanceof PutSharedPreferenceMethod and
|
||||
input = m.getArgument(1) and
|
||||
not exists(EncryptedValueFlowConfig conf | conf.hasFlow(_, DataFlow::exprNode(input))) and
|
||||
editor.asExpr() = m.getQualifier()
|
||||
)
|
||||
}
|
||||
@@ -91,14 +90,3 @@ private class EncryptedSensitiveMethodAccess extends MethodAccess {
|
||||
this.getMethod().getName().toLowerCase().matches(["%encrypt%", "%hash%"])
|
||||
}
|
||||
}
|
||||
|
||||
/** Flow configuration for encryption methods flowing to inputs of `SharedPreferences`. */
|
||||
private class EncryptedValueFlowConfig extends DataFlow4::Configuration {
|
||||
EncryptedValueFlowConfig() { this = "SensitiveStorage::EncryptedValueFlowConfig" }
|
||||
|
||||
override predicate isSource(DataFlow::Node src) {
|
||||
src.asExpr() instanceof EncryptedSensitiveMethodAccess
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) { sink instanceof SharedPrefsCleartextStorageSink }
|
||||
}
|
||||
|
||||