hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.20.3
codeql/java/ql/lib/semmle/code/java/security/SensitiveDataExposureThroughErrorMessageQuery.qll

35 lines
1.2 KiB
Plaintext
Raw Permalink Blame History

/** Provides predicates to reason about exposure of error messages. */
import java
private import semmle.code.java.dataflow.FlowSources
private import semmle.code.java.security.InformationLeak
/**
* A get message source node.
*/
private class GetMessageFlowSource extends ApiSourceNode {
GetMessageFlowSource() {
exists(Method method | this.asExpr().(MethodCall).getMethod() = method |
method.hasName("getMessage") and
method.hasNoParameters() and
method.getDeclaringType().hasQualifiedName("java.lang", "Throwable")
)
}
}
private module GetMessageFlowSourceToHttpResponseSinkFlowConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node src) { src instanceof GetMessageFlowSource }
predicate isSink(DataFlow::Node sink) { sink instanceof InformationLeakSink }
}
private module GetMessageFlowSourceToHttpResponseSinkFlow =
TaintTracking::Global<GetMessageFlowSourceToHttpResponseSinkFlowConfig>;
/**
* Holds if there is a call to `getMessage()` that then flows to a servlet response.
*/
predicate getMessageFlowsExternally(DataFlow::Node externalExpr, GetMessageFlowSource getMessage) {
GetMessageFlowSourceToHttpResponseSinkFlow::flow(getMessage, externalExpr)
}
Reference in New Issue View Git Blame Copy Permalink