hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Refactor InsecureWebResourceResponse

Browse Source
This commit is contained in:
Ed Minnix
2023-04-12 12:33:36 -04:00
parent 074745315c
commit e3f6bc043d
1 changed files with 10 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql
View File

@@ -16,19 +16,20 @@ import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.security.PathSanitizer import semmle.code.java.security.PathSanitizer
import AndroidWebResourceResponse import AndroidWebResourceResponse
import DataFlow::PathGraph import InsecureWebResourceResponseFlow::PathGraph
class InsecureWebResourceResponseConfig extends TaintTracking::Configuration { module InsecureWebResourceResponseConfig implements DataFlow::ConfigSig {
InsecureWebResourceResponseConfig() { this = "InsecureWebResourceResponseConfig" } predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource } predicate isSink(DataFlow::Node sink) { sink instanceof WebResourceResponseSink }
override predicate isSink(DataFlow::Node sink) { sink instanceof WebResourceResponseSink } predicate isBarrier(DataFlow::Node node) { node instanceof PathInjectionSanitizer }
override predicate isSanitizer(DataFlow::Node node) { node instanceof PathInjectionSanitizer }
} }
from DataFlow::PathNode source, DataFlow::PathNode sink, InsecureWebResourceResponseConfig conf module InsecureWebResourceResponseFlow = TaintTracking::Global<InsecureWebResourceResponseConfig>;
where conf.hasFlowPath(source, sink)
from
InsecureWebResourceResponseFlow::PathNode source, InsecureWebResourceResponseFlow::PathNode sink
where InsecureWebResourceResponseFlow::flowPath(source, sink)
select sink.getNode(), source, sink, "Leaking arbitrary content in Android from $@.", select sink.getNode(), source, sink, "Leaking arbitrary content in Android from $@.",
source.getNode(), "this user input" source.getNode(), "this user input"