Java: Deprecate RemoteUserInput.

Anders Schack-Mulligen
2019-05-06 13:43:58 +02:00
parent 10a6362357
commit f367427fb8
16 changed files with 21 additions and 17 deletions


@@ -20,7 +20,7 @@ import DataFlow::PathGraph
class TaintedPathConfig extends TaintTracking::Configuration {
TaintedPathConfig() { this = "TaintedPathConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteUserInput }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) {
exists(Expr e | e = sink.asExpr() | e = any(PathCreation p).getInput() and not guarded(e))


@@ -6,7 +6,7 @@ private class RemoteUserInputToArgumentToExecFlowConfig extends TaintTracking::C
this = "ExecCommon::RemoteUserInputToArgumentToExecFlowConfig"
}
override predicate isSource(DataFlow::Node src) { src instanceof RemoteUserInput }
override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof ArgumentToExec }


@@ -18,7 +18,7 @@ import DataFlow2::PathGraph
class XSSConfig extends TaintTracking::Configuration2 {
XSSConfig() { this = "XSSConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteUserInput }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof XssSink }


@@ -49,7 +49,7 @@ class PersistenceQueryInjectionSink extends QueryInjectionSink {
private class QueryInjectionFlowConfig extends TaintTracking::Configuration {
QueryInjectionFlowConfig() { this = "SqlInjectionLib::QueryInjectionFlowConfig" }
override predicate isSource(DataFlow::Node src) { src instanceof RemoteUserInput }
override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof QueryInjectionSink }


@@ -18,7 +18,7 @@ class ResponseSplittingConfig extends TaintTracking::Configuration {
ResponseSplittingConfig() { this = "ResponseSplittingConfig" }
override predicate isSource(DataFlow::Node source) {
source instanceof RemoteUserInput and
source instanceof RemoteFlowSource and
not source instanceof WhitelistedSource
}


@@ -30,7 +30,7 @@ class HeaderSplittingSink extends DataFlow::ExprNode {
}
}
class WhitelistedSource extends RemoteUserInput {
class WhitelistedSource extends DataFlow::ExprNode {
WhitelistedSource() {
this.asExpr().(MethodAccess).getMethod() instanceof HttpServletRequestGetHeaderMethod or
this.asExpr().(MethodAccess).getMethod() instanceof CookieGetNameMethod
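Review bot: `WhitelistedSource` now extends `DataFlow::ExprNode`, so it is no longer restricted to remote sources and matches every `getHeader` / `Cookie.getName` call node, which the name and the missing doc comment hide. That is harmless as long as its only use is the `not source instanceof WhitelistedSource` conjunct in `ResponseSplittingConfig.isSource`, but any other use would silently see a wider set. I would add a QLDoc comment such as `/** A call whose result is excluded as a response-splitting source; only meaningful when intersected with RemoteFlowSource. */`. The comment should also say why these two methods are treated as safe, since that assumption decides whether header-derived values are ever reported. The class body continues outside the hunk.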


@@ -17,7 +17,7 @@ import DataFlow::PathGraph
class Conf extends TaintTracking::Configuration {
Conf() { this = "RemoteUserInputTocanThrowOutOfBoundsDueToEmptyArrayConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteUserInput }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) {
any(CheckableArrayAccess caa).canThrowOutOfBoundsDueToEmptyArray(sink.asExpr(), _)


@@ -17,7 +17,7 @@ import DataFlow::PathGraph
class Conf extends TaintTracking::Configuration {
Conf() { this = "RemoteUserInputTocanThrowOutOfBoundsDueToEmptyArrayConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteUserInput }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) {
any(CheckableArrayAccess caa).canThrowOutOfBounds(sink.asExpr())
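Review bot: The configuration string in `Conf()` is identical to the one in the previous file section (`"RemoteUserInputTocanThrowOutOfBoundsDueToEmptyArrayConfig"`), although this configuration's sink is `canThrowOutOfBounds` rather than `canThrowOutOfBoundsDueToEmptyArray`, and both strings still name the class this commit deprecates. Because a configuration is identified by its string value, the two would presumably merge if they were ever imported into the same query, so a distinct name is safer, e.g. `Conf() { this = "RemoteFlowSourceToCanThrowOutOfBoundsConfig" }`. The same leftover `RemoteUserInput` naming appears in the `ExecCommon`, `ArithmeticTainted.ql` and `NumericCastTainted` configuration strings. The class body continues outside the hunk.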


@@ -17,7 +17,7 @@ import DataFlow::PathGraph
class ExternallyControlledFormatStringConfig extends TaintTracking::Configuration {
ExternallyControlledFormatStringConfig() { this = "ExternallyControlledFormatStringConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteUserInput }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) {
sink.asExpr() = any(StringFormat formatCall).getFormatArgument()


@@ -32,7 +32,7 @@ predicate sink(ArithExpr exp, VarAccess tainted, string effect) {
class RemoteUserInputConfig extends TaintTracking::Configuration {
RemoteUserInputConfig() { this = "ArithmeticTainted.ql:RemoteUserInputConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteUserInput }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink(_, sink.asExpr(), _) }


@@ -18,7 +18,7 @@ import DataFlow::PathGraph
class UnsafeDeserializationConfig extends TaintTracking::Configuration {
UnsafeDeserializationConfig() { this = "UnsafeDeserializationConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteUserInput }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeDeserializationSink }
}


@@ -18,7 +18,7 @@ import DataFlow::PathGraph
class UrlRedirectConfig extends TaintTracking::Configuration {
UrlRedirectConfig() { this = "UrlRedirectConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteUserInput }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof UrlRedirectSink }
}


@@ -40,7 +40,7 @@ class UnsafeXxeSink extends DataFlow::ExprNode {
class XxeConfig extends TaintTracking::Configuration {
XxeConfig() { this = "XXE.ql::XxeConfig" }
override predicate isSource(DataFlow::Node src) { src instanceof RemoteUserInput }
override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeXxeSink }
}


@@ -19,7 +19,7 @@ import DataFlow::PathGraph
private class NumericCastFlowConfig extends TaintTracking::Configuration {
NumericCastFlowConfig() { this = "NumericCastTainted::RemoteUserInputToNumericNarrowingCastExpr" }
override predicate isSource(DataFlow::Node src) { src instanceof RemoteUserInput }
override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) {
sink.asExpr() = any(NumericNarrowingCastExpr cast).getExpr()


@@ -143,8 +143,12 @@ private class ThriftIfaceParameterSource extends RemoteFlowSource {
/** Class for `tainted` user input. */
abstract class UserInput extends DataFlow::Node { }
/** Input that may be controlled by a remote user. */
class RemoteUserInput extends UserInput {
/**
* DEPRECATED: Use `RemoteFlowSource` instead.
*
* Input that may be controlled by a remote user.
*/
deprecated class RemoteUserInput extends UserInput {
RemoteUserInput() { this instanceof RemoteFlowSource }
/**