mirror of
https://github.com/github/codeql.git
synced 2026-06-09 06:58:50 +02:00
35 lines
1.1 KiB
Plaintext
35 lines
1.1 KiB
Plaintext
/** Provides taint tracking configurations to be used in Trust Manager queries. */
|
|
|
|
import java
|
|
import semmle.code.java.dataflow.FlowSources
|
|
import semmle.code.java.security.InsecureTrustManager
|
|
|
|
/**
|
|
* A configuration to model the flow of an insecure `TrustManager`
|
|
* to the initialization of an SSL context.
|
|
*/
|
|
module InsecureTrustManagerConfig implements DataFlow::ConfigSig {
|
|
predicate isSource(DataFlow::Node source) { source instanceof InsecureTrustManagerSource }
|
|
|
|
predicate isSink(DataFlow::Node sink) { sink instanceof InsecureTrustManagerSink }
|
|
|
|
predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
|
|
(isSink(node) or isAdditionalFlowStep(node, _)) and
|
|
node.getType() instanceof Array and
|
|
c instanceof DataFlow::ArrayContent
|
|
}
|
|
|
|
predicate observeDiffInformedIncrementalMode() { any() }
|
|
|
|
Location getASelectedSourceLocation(DataFlow::Node source) {
|
|
isSource(source) and
|
|
(
|
|
result = source.getLocation()
|
|
or
|
|
result = source.asExpr().(ClassInstanceExpr).getConstructedType().getLocation()
|
|
)
|
|
}
|
|
}
|
|
|
|
module InsecureTrustManagerFlow = DataFlow::Global<InsecureTrustManagerConfig>;
|