hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: Fix tests and make modules private

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2023-03-08 13:35:25 +01:00
parent 2288eab0fd
commit e7f85673e9
4 changed files with 7 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll
View File

@@ -35,7 +35,7 @@ deprecated class RequestForgeryConfiguration extends TaintTracking::Configuratio
/**
* A taint-tracking configuration characterising request-forgery risks.
*/
module RequestForgeryConfiguration implements DataFlow::ConfigSig {
private module RequestForgeryConfiguration implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
source instanceof RemoteFlowSource and
// Exclude results of remote HTTP requests: fetching something else based on that result

2
java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
View File

@@ -49,7 +49,7 @@ deprecated class SensitiveLoggerConfiguration extends TaintTracking::Configurati
}
/** A data-flow configuration for identifying potentially-sensitive data flowing to a log output. */
module SensitiveLoggerConfiguration implements DataFlow::ConfigSig {
private module SensitiveLoggerConfiguration implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CredentialExpr }
predicate isSink(DataFlow::Node sink) { sinkNode(sink, "logging") }

10
java/ql/test/query-tests/security/CWE-532/SensitiveLogInfo.ql
View File

@@ -2,14 +2,10 @@ import java
import TestUtilities.InlineFlowTest
import semmle.code.java.security.SensitiveLoggingQuery
class EnableLegacy extends EnableLegacyConfiguration {
EnableLegacy() { exists(this) }
}
class HasFlowTest extends InlineFlowTest {
override DataFlow::Configuration getTaintFlowConfig() {
result instanceof SensitiveLoggerConfiguration
override predicate hasTaintFlow(DataFlow::Node src, DataFlow::Node sink) {
SensitiveLoggerFlow::hasFlow(src, sink)
}
override DataFlow::Configuration getValueFlowConfig() { none() }
override predicate hasValueFlow(DataFlow::Node src, DataFlow::Node sink) { none() }
}

3
java/ql/test/query-tests/security/CWE-918/RequestForgery.ql
View File

@@ -9,7 +9,8 @@ class HasFlowTest extends InlineExpectationsTest {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "SSRF" and
exists(RequestForgeryConfiguration conf, DataFlow::Node sink | conf.hasFlowTo(sink) |
exists(DataFlow::Node sink |
RequestForgeryFlow::hasFlowTo(sink) and
sink.getLocation() = location and
element = sink.toString() and
value = ""