hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Deprecate sensitiveResultReceiver

Browse Source
This commit is contained in:
Ed Minnix
2023-04-05 13:51:15 -04:00
parent 3e55c47e3e
commit ea54ea47b1
3 changed files with 27 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
java/ql/lib/semmle/code/java/security/SensitiveResultReceiverQuery.qll
View File

@@ -47,9 +47,29 @@ private module SensitiveResultReceiverConfig implements DataFlow::ConfigSig {
module SensitiveResultReceiverFlow = TaintTracking::Global<SensitiveResultReceiverConfig>;
/**
* DEPRECATED: Use `isSensitiveResultReceiver` instead.
*
* Holds if there is a path from sensitive data at `src` to a result receiver at `sink`, and the receiver was obtained from an untrusted source `recSrc`.
*/
predicate sensitiveResultReceiver(
deprecated predicate sensitiveResultReceiver(
DataFlow::PathNode src, DataFlow::PathNode sink, DataFlow::Node recSrc
) {
exists(
ResultReceiverSendCall call, SensitiveResultReceiverFlow::PathNode srrSrc,
SensitiveResultReceiverFlow::PathNode srrSink
|
src.getNode() = srrSrc.getNode() and sink.getNode() = srrSink.getNode()
|
SensitiveResultReceiverFlow::flowPath(srrSrc, srrSink) and
sink.getNode().asExpr() = call.getSentData() and
untrustedResultReceiverSend(recSrc, call)
)
}
/**
* Holds if there is a path from sensitive data at `src` to a result receiver at `sink`, and the receiver was obtained from an untrusted source `recSrc`.
*/
predicate isSensitiveResultReceiver(
SensitiveResultReceiverFlow::PathNode src, SensitiveResultReceiverFlow::PathNode sink,
DataFlow::Node recSrc
) {