hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 14:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
0f606d987dd4437dd8ab707a6628cb290f303049
codeql/java/ql/lib/semmle/code/java/security/CleartextStoragePropertiesQuery.qll
Tony Torralba a30554e97c Refactored cleartext storage libraries
2021-09-23 10:42:30 +02:00

63 lines
2.0 KiB
Plaintext
Raw Blame History

/** Provides classes and predicates to reason about cleartext storage in Properties files. */
import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.frameworks.Properties
import semmle.code.java.security.CleartextStorageQuery
private class PropertiesCleartextStorageSink extends CleartextStorageSink {
PropertiesCleartextStorageSink() {
exists(MethodAccess m |
m.getMethod() instanceof PropertiesSetPropertyMethod and this.asExpr() = m.getArgument(1)
)
}
}
/** The instantiation of a `Properties` object, which can be stored to disk. */
class Properties extends Storable, ClassInstanceExpr {
Properties() { this.getConstructor().getDeclaringType() instanceof TypeProperty }
/** Gets an input, for example `input` in `props.setProperty("password", input);`. */
override Expr getAnInput() {
exists(PropertiesFlowConfig conf, DataFlow::Node n |
propertiesInput(n, result) and
conf.hasFlow(DataFlow::exprNode(this), n)
)
}
/** Gets a store, for example `props.store(outputStream, "...")`. */
override Expr getAStore() {
exists(PropertiesFlowConfig conf, DataFlow::Node n |
propertiesStore(n, result) and
conf.hasFlow(DataFlow::exprNode(this), n)
)
}
}
private predicate propertiesInput(DataFlow::Node prop, Expr input) {
exists(MethodAccess m |
m.getMethod() instanceof PropertiesSetPropertyMethod and
input = m.getArgument(1) and
prop.asExpr() = m.getQualifier()
)
}
private predicate propertiesStore(DataFlow::Node prop, Expr store) {
exists(MethodAccess m |
m.getMethod() instanceof PropertiesStoreMethod and
store = m and
prop.asExpr() = m.getQualifier()
)
}
private class PropertiesFlowConfig extends DataFlow::Configuration {
PropertiesFlowConfig() { this = "PropertiesFlowConfig" }
override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof Properties }
override predicate isSink(DataFlow::Node sink) {
propertiesInput(sink, _) or
propertiesStore(sink, _)
}
}
Reference in New Issue View Git Blame Copy Permalink