hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-27 17:58:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
264d6db9d71b1f5302a5a03826134623e637ff99
codeql/java/ql/lib/semmle/code/java/security/HardcodedCredentialsApiCallQuery.qll
Chris Smowton e27d62b0b4 Fix qldoc wording
2022-08-15 12:08:14 +01:00

55 lines
2.1 KiB
Plaintext
Raw Blame History

/**
* Provides a data-flow configuration for tracking a hard-coded credential in a call to a sensitive Java API which may compromise security.
*/
import java
import semmle.code.java.dataflow.DataFlow
import HardcodedCredentials
/**
* A data-flow configuration that tracks flow from a hard-coded credential in a call to a sensitive Java API which may compromise security.
*/
class HardcodedCredentialApiCallConfiguration extends DataFlow::Configuration {
HardcodedCredentialApiCallConfiguration() { this = "HardcodedCredentialApiCallConfiguration" }
override predicate isSource(DataFlow::Node n) {
n.asExpr() instanceof HardcodedExpr and
not n.asExpr().getEnclosingCallable() instanceof ToStringMethod
}
override predicate isSink(DataFlow::Node n) { n.asExpr() instanceof CredentialsApiSink }
override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
node1.asExpr().getType() instanceof TypeString and
(
exists(MethodAccess ma | ma.getMethod().hasName(["getBytes", "toCharArray"]) |
node2.asExpr() = ma and
ma.getQualifier() = node1.asExpr()
)
or
// These base64 routines are usually taint propagators, and this is not a general
// TaintTracking::Configuration, so we must specifically include them here
// as a common transform applied to a constant before passing to a remote API.
exists(MethodAccess ma |
ma.getMethod()
.hasQualifiedName([
"java.util", "cn.hutool.core.codec", "org.apache.shiro.codec",
"apache.commons.codec.binary", "org.springframework.util"
], ["Base64$Encoder", "Base64$Decoder", "Base64", "Base64Utils"],
[
"encode", "encodeToString", "decode", "decodeBase64", "encodeBase64",
"encodeBase64Chunked", "encodeBase64String", "encodeBase64URLSafe",
"encodeBase64URLSafeString"
])
|
node1.asExpr() = ma.getArgument(0) and
node2.asExpr() = ma
)
)
}
override predicate isBarrier(DataFlow::Node n) {
n.asExpr().(MethodAccess).getMethod() instanceof MethodSystemGetenv
}
}
Reference in New Issue View Git Blame Copy Permalink