mirror of
https://github.com/github/codeql.git
synced 2026-05-19 05:37:10 +02:00
33 lines
1.1 KiB
Plaintext
33 lines
1.1 KiB
Plaintext
/**
|
|
* @name Number of Solorigate-related method names is above the threshold
|
|
* @description The total number of Solorigate-related method names found in the code is above a threshold, which may indicate that an external agent has tampered with the code.
|
|
* It is recommended to review the code and verify that there is no unexpected code in this project.
|
|
* @kind problem
|
|
* @tags security
|
|
* solorigate
|
|
* @problem.severity warning
|
|
* @precision medium
|
|
* @id cs/solorigate/number-of-known-method-names-above-threshold
|
|
*/
|
|
|
|
import csharp
|
|
import Solorigate
|
|
|
|
/*
|
|
* Returns the total number of Solorigate-related method names found in the project
|
|
*/
|
|
|
|
int countSolorigateSuspiciousMethodNames() {
|
|
result = count(string s | s = any(Method m | isSolorigateSuspiciousMethodName(m)).getName())
|
|
}
|
|
|
|
from Method m, int total, int threshold
|
|
where
|
|
total = countSolorigateSuspiciousMethodNames() and
|
|
threshold = 50 and // out of ~ 100 known names
|
|
isSolorigateSuspiciousMethodName(m) and
|
|
total > threshold
|
|
select m,
|
|
"This method may be related to Solorigate. Total count = " + total + " is above the threshold " +
|
|
threshold + "."
|