Deprecate sensitiveResultReceiver

2026-04-29 02:35:15 +02:00 · 2023-04-05 13:51:15 -04:00
parent 3e55c47e3e
commit ea54ea47b1
3 changed files with 27 additions and 2 deletions
--- a/java/ql/lib/change-notes/2023-04-05-deprecated-sensitive-result-receiver-predicate.md
+++ b/java/ql/lib/change-notes/2023-04-05-deprecated-sensitive-result-receiver-predicate.md
@@ -0,0 +1,5 @@
+---
+category: deprecated
+---
+* The `sensitiveResultReceiver` predicate in `SensitiveResultReceiverQuery.qll` has been deprecated and replaced with `isSensitiveResultReceiver` in order to use the new dataflow api.
+
--- a/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll
@@ -47,9 +47,29 @@ private module SensitiveResultReceiverConfig implements DataFlow::ConfigSig {
 module SensitiveResultReceiverFlow = TaintTracking::Global<SensitiveResultReceiverConfig>;

 /**
+ * DEPRECATED: Use `isSensitiveResultReceiver` instead.
+ *
 * Holds if there is a path from sensitive data at `src` to a result receiver at `sink`, and the receiver was obtained from an untrusted source `recSrc`.
 */
-predicate sensitiveResultReceiver(
+deprecated predicate sensitiveResultReceiver(
+  DataFlow::PathNode src, DataFlow::PathNode sink, DataFlow::Node recSrc
+) {
+  exists(
+    ResultReceiverSendCall call, SensitiveResultReceiverFlow::PathNode srrSrc,
+    SensitiveResultReceiverFlow::PathNode srrSink
+  |
+    src.getNode() = srrSrc.getNode() and sink.getNode() = srrSink.getNode()
+  |
+    SensitiveResultReceiverFlow::flowPath(srrSrc, srrSink) and
+    sink.getNode().asExpr() = call.getSentData() and
+    untrustedResultReceiverSend(recSrc, call)
+  )
+}
+
+/**
+ * Holds if there is a path from sensitive data at `src` to a result receiver at `sink`, and the receiver was obtained from an untrusted source `recSrc`.
+ */
+predicate isSensitiveResultReceiver(
  SensitiveResultReceiverFlow::PathNode src, SensitiveResultReceiverFlow::PathNode sink,
  DataFlow::Node recSrc
 ) {
--- a/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql
+++ b/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql
@@ -18,6 +18,6 @@ import SensitiveResultReceiverFlow::PathGraph
 from
  SensitiveResultReceiverFlow::PathNode src, SensitiveResultReceiverFlow::PathNode sink,
  DataFlow::Node recSrc
-where sensitiveResultReceiver(src, sink, recSrc)
+where isSensitiveResultReceiver(src, sink, recSrc)
 select sink, src, sink, "This $@ is sent to a ResultReceiver obtained from $@.", src,
  "sensitive information", recSrc, "this untrusted source"