hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improve qldoc; make taint tracking

Browse Source
This commit is contained in:
Joe Farebrother
2022-03-14 13:10:34 +00:00
parent b924de631f
commit e4b762b5c5
1 changed files with 3 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
View File

@@ -6,7 +6,7 @@ import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.security.SensitiveActions
import DataFlow
/** Variable keeps sensitive information judging by its name * */
/** A variable that may hold sensitive information, judging by its name. * */
class CredentialExpr extends Expr {
CredentialExpr() {
exists(Variable v | this = v.getAnAccess() |
@@ -16,14 +16,11 @@ class CredentialExpr extends Expr {
}
}
class SensitiveLoggerConfiguration extends DataFlow::Configuration {
/* A data-flow configuration for identifying potentially-sensitive data flowing to a log output. */
class SensitiveLoggerConfiguration extends TaintTracking::Configuration {
SensitiveLoggerConfiguration() { this = "SensitiveLoggerConfiguration" }
override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CredentialExpr }
override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "logging") }
override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
TaintTracking::localTaintStep(node1, node2)
}
}