hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-15 15:34:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
9f00a0060dec7157efbea4c4b5a1fdfacf241d88
codeql/java/ql/lib/semmle/code/java/security/SensitiveApi.qll

73 lines
2.2 KiB
Plaintext
Raw Blame History

/**
* Provides predicates defining methods that consume sensitive data, such as usernames and passwords.
*/
import java
private import semmle.code.java.dataflow.DataFlow
private import semmle.code.java.dataflow.ExternalFlow
/**
* A node that represents the use of a credential.
*/
abstract class CredentialsSinkNode extends DataFlow::Node { }
/**
* A node representing a password being passed to a method.
*/
class PasswordSink extends CredentialsSinkNode {
PasswordSink() { sinkNode(this, "credentials-password") }
}
/**
* A node representing a username being passed to a method.
*/
class UsernameSink extends CredentialsSinkNode {
UsernameSink() { sinkNode(this, "credentials-username") }
}
/**
* A node representing a cryptographic key being passed to a method.
*/
class CryptoKeySink extends CredentialsSinkNode {
CryptoKeySink() { sinkNode(this, "credentials-key") }
}
/**
* DEPRECATED: Use the `PasswordSink` class instead.
* Holds if callable `c` from a standard Java API expects a password parameter at index `i`.
*/
deprecated predicate javaApiCallablePasswordParam(Callable c, int i) {
exists(PasswordSink sink, MethodCall mc |
sink.asExpr() = mc.getArgument(i) and c = mc.getCallee()
)
}
/**
* DEPRECATED: Use the `UsernameSink` class instead.
* Holds if callable `c` from a standard Java API expects a username parameter at index `i`.
*/
deprecated predicate javaApiCallableUsernameParam(Callable c, int i) {
exists(UsernameSink sink, MethodCall mc |
sink.asExpr() = mc.getArgument(i) and c = mc.getCallee()
)
}
/**
* DEPRECATED: Use the `CryptoKeySink` class instead.
* Holds if callable `c` from a standard Java API expects a cryptographic key parameter at index `i`.
*/
deprecated predicate javaApiCallableCryptoKeyParam(Callable c, int i) {
exists(CryptoKeySink sink, MethodCall mc |
sink.asExpr() = mc.getArgument(i) and c = mc.getCallee()
)
}
/**
* DEPRECATED: Use the `CredentialsSinkNode` class instead.
* Holds if callable `c` from a known API expects a credential parameter at index `i`.
*/
deprecated predicate otherApiCallableCredentialParam(Callable c, int i) {
c.hasQualifiedName("javax.crypto.spec", "IvParameterSpec", "IvParameterSpec") and
i = 0
}
Reference in New Issue View Git Blame Copy Permalink