Chris Smowton
120f2045cd
Document XXE sanitisation policy
2021-11-24 12:03:28 +00:00
Anders Schack-Mulligen
a3b263ee6e
Merge pull request #7181 from bmuskalla/coverageAsDiagnostics
...
Java: Add diagnostic query for framework coverage
2021-11-24 10:57:50 +01:00
luchua-bc
e56737e007
Use value step to optimize the taint step and add a test case for Apache file upload listener
2021-11-23 17:15:28 +00:00
Benjamin Muskalla
50518b5622
Fix sum of rows
2021-11-23 10:42:24 +01:00
luchua-bc
ed78d39d61
Move duplicate code to the shared library and update qldoc
2021-11-23 03:06:26 +00:00
Benjamin Muskalla
cd39d15b40
Simplify diagnostic query
2021-11-19 12:28:24 +01:00
Benjamin Muskalla
fb9b16325d
Add diagnostic query for framework coverage
2021-11-19 10:30:59 +01:00
luchua-bc
b6a6ed5ba3
Add a recommendation category query for local user input and check Apache file upload
2021-11-19 04:23:19 +00:00
Erik Krogh Kristensen
011fc20963
use matches instead of regexpMatch
2021-11-18 15:41:25 +01:00
Anders Schack-Mulligen
22ebe68b1b
Merge pull request #7132 from aschackmull/java/overrides
...
Java: Fix overrides to not be transitive.
2021-11-17 15:38:11 +01:00
Benjamin Muskalla
0e6bb28016
Only consider store steps
2021-11-16 10:46:24 +01:00
Benjamin Muskalla
fd9199c0c0
Simplify handling of tainting fields
2021-11-15 16:40:09 +01:00
Benjamin Muskalla
d7ed325b3f
Refactor content flow into predicate
2021-11-15 16:30:55 +01:00
Benjamin Muskalla
f4310898b3
Capture sources flowing into parameters
2021-11-15 16:28:28 +01:00
Anders Schack-Mulligen
1cd42ea668
Java: Fix test and some references.
2021-11-15 16:03:04 +01:00
Benjamin Muskalla
8040d9cfcf
Only consider true return statements as sinks
2021-11-15 15:29:01 +01:00
Benjamin Muskalla
e6e52a3b32
190
2021-11-15 15:18:03 +01:00
Benjamin Muskalla
dc022430ee
Remove superflous instanceof
2021-11-15 13:07:02 +01:00
Benjamin Muskalla
412bd32f45
Move more predicates into configuration
2021-11-15 13:04:23 +01:00
Benjamin Muskalla
b84c03672d
Prefer types to TargetAPI
2021-11-15 12:43:46 +01:00
Benjamin Muskalla
bca6cecd1c
Remove basic support for lambda flow
2021-11-15 12:38:30 +01:00
Benjamin Muskalla
78e3906ea7
Exclude more JDK internals
2021-11-15 11:58:10 +01:00
Benjamin Muskalla
cce3780481
Restrict param2return value features
2021-11-15 09:57:23 +01:00
Benjamin Muskalla
a0b7f267ff
Only capture taint from own fields
...
Also exclude `Charset` as relevant taint-carrying type. This is generally
what we want to lets us avoid tracking arguments that lead to FP.
2021-11-12 10:15:15 +01:00
Benjamin Muskalla
0234e77d2f
Let sink node be pluggable in any call context
2021-11-12 09:43:05 +01:00
Benjamin Muskalla
b8809a20d8
Support propagating taint of inner object
2021-11-12 09:39:59 +01:00
Benjamin Muskalla
2d4176bec0
Ignore Number-derived types
2021-11-10 16:30:27 +01:00
Benjamin Muskalla
dbd393b77a
Support flow into field of referenced objects
2021-11-10 16:30:27 +01:00
Benjamin Muskalla
974c7b0898
Avoid cross-class flow for field writes
2021-11-10 16:30:26 +01:00
Benjamin Muskalla
74ac234f1c
Restrict field access to same type
2021-11-10 16:30:26 +01:00
Benjamin Muskalla
8740e879b4
Fix docs
2021-11-10 16:30:26 +01:00
Benjamin Muskalla
a546b38ee0
Restrict field access to corresponding type
2021-11-10 16:30:26 +01:00
Benjamin Muskalla
6960a7b97e
Remove extraneous last column
2021-11-10 16:30:25 +01:00
Benjamin Muskalla
ef972159a6
Fix bug when generating output in a subfolder
2021-11-10 16:30:25 +01:00
Benjamin Muskalla
4cfd978bfe
Support generating in respective folders
2021-11-10 16:30:25 +01:00
Benjamin Muskalla
b92758883b
Auto-format generated qll files
2021-11-10 16:30:25 +01:00
Benjamin Muskalla
e2bd792fc2
Consider bulk-like data for argument accessors
2021-11-10 16:30:25 +01:00
Benjamin Muskalla
739fe75194
Support flow for factory and strategy pattern
...
* Support models for factories that create
new instances of an object while tainting it with incoming data
* Support models to infer super types for
private implementations to expose the models
at the right level
2021-11-10 16:30:24 +01:00
Benjamin Muskalla
58de6d143f
Add docs to explain the models captured by the predicates
2021-11-10 16:30:24 +01:00
Benjamin Muskalla
747ab122c3
Restrict fluent api models to same type access
2021-11-10 16:30:24 +01:00
Benjamin Muskalla
8564c9001a
Fix naming for source nodes
2021-11-10 16:30:24 +01:00
Benjamin Muskalla
9500c9c8bc
Support lambda flow for source models
...
Also rely on public API to detect the source node
2021-11-10 16:30:24 +01:00
Benjamin Muskalla
35baa1c3df
Support bulkdata for boxed types as well
2021-11-10 16:30:23 +01:00
Benjamin Muskalla
83b4070f31
Fix bug to accept bulk data for char/byte arrays
2021-11-10 16:30:23 +01:00
Benjamin Muskalla
281f25403d
Match enclosing unit without casting to specific nodes
2021-11-10 16:30:23 +01:00
Benjamin Muskalla
bc10fd94cb
Support generating only specific models
2021-11-10 16:30:23 +01:00
Benjamin Muskalla
0e9fcc6c39
Only generate models for local supertypes
...
Avoid generating models for classes
implementing external SPI (e.g. `FileFilter`).
Keep `toString` models intact as they're
commonly used as taint-propagation method
(e.g. see `Joiner`).
2021-11-10 16:30:23 +01:00
Benjamin Muskalla
157f56f48a
Capture model for defining interface
...
Instead of modeling individual implementations, take a more general
approach of reuse dataflows for interfaces defined by a library. This allows
tracking flows across all implementations and aligns better with how we
manually model frameworks. This may have some FPs given all possible flows
are modeled for a specific interface but also covers more scenarios where
we don't know which implementation of an interface is used.
2021-11-10 16:30:22 +01:00
Benjamin Muskalla
f36bb8baaf
Exclude models for simpler types
...
Avoid generating models for types that can't really propagate taint
in a valuable way (e.g. primitivies, BigInt, ..). Keep tracking
bulk-like data (e.g. char[] or byte[]).
2021-11-10 16:30:22 +01:00
Benjamin Muskalla
842f617bc1
Order sinks and sources first
2021-11-10 16:30:22 +01:00
