mirror of
https://github.com/github/codeql.git
synced 2026-04-28 10:15:14 +02:00
Use the sensitive info sink
This commit is contained in:
luchua-bc
@@ -41,7 +41,7 @@ class SensitiveGetQueryConfiguration extends TaintTracking::Configuration {
|
||||
|
||||
override predicate isSource(DataFlow::Node source) { source instanceof GetHttpRequestSource }
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof SensitiveExpr }
|
||||
override predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof SensitiveInfoExpr }
|
||||
|
||||
override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
exists(MethodAccess ma |
|
||||
|
||||
@@ -1,60 +1,40 @@
|
||||
edges
|
||||
| SensitiveGetQuery2.java:12:13:12:19 | request : HttpServletRequest | SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object |
|
||||
| SensitiveGetQuery2.java:12:13:12:19 | request : HttpServletRequest | SensitiveGetQuery2.java:14:30:14:48 | get(...) |
|
||||
| SensitiveGetQuery2.java:12:13:12:19 | request : HttpServletRequest | SensitiveGetQuery2.java:14:30:14:48 | get(...) : Object |
|
||||
| SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object | SensitiveGetQuery2.java:15:29:15:36 | password |
|
||||
| SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object | SensitiveGetQuery2.java:15:29:15:36 | password : Object |
|
||||
| SensitiveGetQuery2.java:14:30:14:48 | get(...) : Object | SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object |
|
||||
| SensitiveGetQuery2.java:15:29:15:36 | password : Object | SensitiveGetQuery2.java:18:40:18:54 | password : Object |
|
||||
| SensitiveGetQuery2.java:18:40:18:54 | password : Object | SensitiveGetQuery2.java:19:61:19:68 | password |
|
||||
| SensitiveGetQuery3.java:11:41:11:47 | request : HttpServletRequest | SensitiveGetQuery3.java:12:41:12:47 | request : HttpServletRequest |
|
||||
| SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) : String | SensitiveGetQuery3.java:13:57:13:64 | password |
|
||||
| SensitiveGetQuery3.java:12:41:12:47 | request : HttpServletRequest | SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) |
|
||||
| SensitiveGetQuery3.java:12:41:12:47 | request : HttpServletRequest | SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) : String |
|
||||
| SensitiveGetQuery.java:11:21:11:27 | request : HttpServletRequest | SensitiveGetQuery.java:12:21:12:52 | getParameter(...) |
|
||||
| SensitiveGetQuery.java:11:21:11:27 | request : HttpServletRequest | SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String |
|
||||
| SensitiveGetQuery.java:11:21:11:27 | request : HttpServletRequest | SensitiveGetQuery.java:14:29:14:36 | password |
|
||||
| SensitiveGetQuery.java:11:21:11:27 | request : HttpServletRequest | SensitiveGetQuery.java:14:29:14:36 | password : String |
|
||||
| SensitiveGetQuery.java:12:21:12:27 | request : HttpServletRequest | SensitiveGetQuery.java:12:21:12:52 | getParameter(...) |
|
||||
| SensitiveGetQuery.java:12:21:12:27 | request : HttpServletRequest | SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String |
|
||||
| SensitiveGetQuery.java:12:21:12:27 | request : HttpServletRequest | SensitiveGetQuery.java:14:29:14:36 | password |
|
||||
| SensitiveGetQuery.java:12:21:12:27 | request : HttpServletRequest | SensitiveGetQuery.java:14:29:14:36 | password : String |
|
||||
| SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String | SensitiveGetQuery.java:14:29:14:36 | password |
|
||||
| SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String | SensitiveGetQuery.java:14:29:14:36 | password : String |
|
||||
| SensitiveGetQuery.java:14:29:14:36 | password : String | SensitiveGetQuery.java:17:40:17:54 | password : String |
|
||||
| SensitiveGetQuery.java:17:40:17:54 | password : String | SensitiveGetQuery.java:18:61:18:68 | password |
|
||||
nodes
|
||||
| SensitiveGetQuery2.java:12:13:12:19 | request : HttpServletRequest | semmle.label | request : HttpServletRequest |
|
||||
| SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object | semmle.label | (...)... : Object |
|
||||
| SensitiveGetQuery2.java:14:30:14:48 | get(...) | semmle.label | get(...) |
|
||||
| SensitiveGetQuery2.java:14:30:14:48 | get(...) : Object | semmle.label | get(...) : Object |
|
||||
| SensitiveGetQuery2.java:15:29:15:36 | password | semmle.label | password |
|
||||
| SensitiveGetQuery2.java:15:29:15:36 | password : Object | semmle.label | password : Object |
|
||||
| SensitiveGetQuery2.java:18:40:18:54 | password : Object | semmle.label | password : Object |
|
||||
| SensitiveGetQuery2.java:19:61:19:68 | password | semmle.label | password |
|
||||
| SensitiveGetQuery3.java:11:41:11:47 | request : HttpServletRequest | semmle.label | request : HttpServletRequest |
|
||||
| SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) | semmle.label | getRequestParameter(...) |
|
||||
| SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) : String | semmle.label | getRequestParameter(...) : String |
|
||||
| SensitiveGetQuery3.java:12:41:12:47 | request : HttpServletRequest | semmle.label | request : HttpServletRequest |
|
||||
| SensitiveGetQuery3.java:13:57:13:64 | password | semmle.label | password |
|
||||
| SensitiveGetQuery.java:11:21:11:27 | request : HttpServletRequest | semmle.label | request : HttpServletRequest |
|
||||
| SensitiveGetQuery.java:12:21:12:27 | request : HttpServletRequest | semmle.label | request : HttpServletRequest |
|
||||
| SensitiveGetQuery.java:12:21:12:52 | getParameter(...) | semmle.label | getParameter(...) |
|
||||
| SensitiveGetQuery.java:12:21:12:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| SensitiveGetQuery.java:14:29:14:36 | password | semmle.label | password |
|
||||
| SensitiveGetQuery.java:14:29:14:36 | password : String | semmle.label | password : String |
|
||||
| SensitiveGetQuery.java:17:40:17:54 | password : String | semmle.label | password : String |
|
||||
| SensitiveGetQuery.java:18:61:18:68 | password | semmle.label | password |
|
||||
#select
|
||||
| SensitiveGetQuery2.java:14:30:14:48 | get(...) | SensitiveGetQuery2.java:12:13:12:19 | request : HttpServletRequest | SensitiveGetQuery2.java:14:30:14:48 | get(...) | $@ uses GET request method with sensitive information. | SensitiveGetQuery2.java:12:13:12:19 | request | sensitive query string |
|
||||
| SensitiveGetQuery2.java:15:29:15:36 | password | SensitiveGetQuery2.java:12:13:12:19 | request : HttpServletRequest | SensitiveGetQuery2.java:15:29:15:36 | password | $@ uses GET request method with sensitive information. | SensitiveGetQuery2.java:12:13:12:19 | request | sensitive query string |
|
||||
| SensitiveGetQuery2.java:19:61:19:68 | password | SensitiveGetQuery2.java:12:13:12:19 | request : HttpServletRequest | SensitiveGetQuery2.java:19:61:19:68 | password | $@ uses GET request method with sensitive information. | SensitiveGetQuery2.java:12:13:12:19 | request | sensitive query string |
|
||||
| SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) | SensitiveGetQuery3.java:11:41:11:47 | request : HttpServletRequest | SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) | $@ uses GET request method with sensitive information. | SensitiveGetQuery3.java:11:41:11:47 | request | sensitive query string |
|
||||
| SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) | SensitiveGetQuery3.java:12:41:12:47 | request : HttpServletRequest | SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) | $@ uses GET request method with sensitive information. | SensitiveGetQuery3.java:12:41:12:47 | request | sensitive query string |
|
||||
| SensitiveGetQuery3.java:13:57:13:64 | password | SensitiveGetQuery3.java:11:41:11:47 | request : HttpServletRequest | SensitiveGetQuery3.java:13:57:13:64 | password | $@ uses GET request method with sensitive information. | SensitiveGetQuery3.java:11:41:11:47 | request | sensitive query string |
|
||||
| SensitiveGetQuery3.java:13:57:13:64 | password | SensitiveGetQuery3.java:12:41:12:47 | request : HttpServletRequest | SensitiveGetQuery3.java:13:57:13:64 | password | $@ uses GET request method with sensitive information. | SensitiveGetQuery3.java:12:41:12:47 | request | sensitive query string |
|
||||
| SensitiveGetQuery.java:12:21:12:52 | getParameter(...) | SensitiveGetQuery.java:11:21:11:27 | request : HttpServletRequest | SensitiveGetQuery.java:12:21:12:52 | getParameter(...) | $@ uses GET request method with sensitive information. | SensitiveGetQuery.java:11:21:11:27 | request | sensitive query string |
|
||||
| SensitiveGetQuery.java:12:21:12:52 | getParameter(...) | SensitiveGetQuery.java:12:21:12:27 | request : HttpServletRequest | SensitiveGetQuery.java:12:21:12:52 | getParameter(...) | $@ uses GET request method with sensitive information. | SensitiveGetQuery.java:12:21:12:27 | request | sensitive query string |
|
||||
| SensitiveGetQuery.java:14:29:14:36 | password | SensitiveGetQuery.java:11:21:11:27 | request : HttpServletRequest | SensitiveGetQuery.java:14:29:14:36 | password | $@ uses GET request method with sensitive information. | SensitiveGetQuery.java:11:21:11:27 | request | sensitive query string |
|
||||
| SensitiveGetQuery.java:14:29:14:36 | password | SensitiveGetQuery.java:12:21:12:27 | request : HttpServletRequest | SensitiveGetQuery.java:14:29:14:36 | password | $@ uses GET request method with sensitive information. | SensitiveGetQuery.java:12:21:12:27 | request | sensitive query string |
|
||||
| SensitiveGetQuery.java:18:61:18:68 | password | SensitiveGetQuery.java:11:21:11:27 | request : HttpServletRequest | SensitiveGetQuery.java:18:61:18:68 | password | $@ uses GET request method with sensitive information. | SensitiveGetQuery.java:11:21:11:27 | request | sensitive query string |
|
||||
|
||||
Reference in New Issue
Block a user