From 67d292cd08b43bd7a5ee3005dcd2878760af1f36 Mon Sep 17 00:00:00 2001
From: Michael Nebel
Date: Tue, 23 Apr 2024 13:55:19 +0200
Subject: [PATCH] Fixup sources.
---
 .../lib/semmle/code/java/dataflow/ApiSources.qll | 14 +++++++++-----
 .../java/security/CleartextStorageCookieQuery.qll | 9 ++++++++-
 2 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/java/ql/lib/semmle/code/java/dataflow/ApiSources.qll b/java/ql/lib/semmle/code/java/dataflow/ApiSources.qll
index 7f89c7843b326..83f4142464dea 100644
--- a/java/ql/lib/semmle/code/java/dataflow/ApiSources.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/ApiSources.qll
@@ -17,12 +17,14 @@ private module ApiSources {
 private import semmle.code.java.security.ArbitraryApkInstallation as ArbitraryApkInstallation
 private import semmle.code.java.security.CleartextStorageAndroidDatabaseQuery as CleartextStorageAndroidDatabaseQuery
 private import semmle.code.java.security.CleartextStorageAndroidFilesystemQuery as CleartextStorageAndroidFilesystemQuery
+ private import semmle.code.java.security.CleartextStorageCookieQuery as CleartextStorageCookieQuery
 private import semmle.code.java.security.CleartextStorageSharedPrefsQuery as CleartextStorageSharedPrefsQuery
 private import semmle.code.java.security.ImplicitPendingIntentsQuery as ImplicitPendingIntentsQuery
 private import semmle.code.java.security.ImproperIntentVerificationQuery as ImproperIntentVerificationQuery
- private import semmle.code.java.security.InsecureTrustManagerQuery as InsecureTrustManagerQuery
- private import semmle.code.java.security.MissingJWTSignatureCheckQuery as MissingJWTSignatureCheckQuery
+ private import semmle.code.java.security.InsecureTrustManager as InsecureTrustManager
+ private import semmle.code.java.security.JWT as Jwt
 private import semmle.code.java.security.XSS as Xss
+ // TODO: Check below.
 private import semmle.code.java.security.StackTraceExposureQuery as StackTraceExposureQuery
 private import semmle.code.java.security.UnsafeCertTrustQuery as UnsafeCertTrustQuery
 private import semmle.code.java.security.ZipSlipQuery as ZipSlipQuery
@@ -38,6 +40,9 @@ private module ApiSources {
 private class CleartextStorageAndroidFilesystemQuerySources extends SourceNode instanceof CleartextStorageAndroidFilesystemQuery::LocalFileOpenCallSource
 { }
+ private class CleartextStorageCookieQuerySources extends SourceNode instanceof CleartextStorageCookieQuery::CookieSource
+ { }
+
 private class CleartextStorageSharedPrefsQuerySources extends SourceNode instanceof CleartextStorageSharedPrefsQuery::SharedPreferencesEditorMethodCallSource
 { }
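Review bot: The added `// TODO: Check below.` in the import list of ApiSources.qll (first hunk) does not say what has to be checked or what would resolve it. Judging from the two imports this hunk moves from `...Query` modules to `InsecureTrustManager` and `JWT`, it presumably marks the three imports after it (`StackTraceExposureQuery`, `UnsafeCertTrustQuery`, `ZipSlipQuery`) as not yet reviewed, but that is only inferred from the diff. Spell the open question out, for example `// TODO: confirm that the source classes taken from the three imports below are the intended ones.`, or resolve it before merging so the aggregated source list is not left half-verified. The module body continues outside the hunk.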
@@ -47,11 +52,10 @@ private module ApiSources {
 private class ImproperIntentVerificationQuerySources extends SourceNode instanceof ImproperIntentVerificationQuery::VerifiedIntentConfigSource
 { }
- private class InsecureTrustManagerQuerySources extends SourceNode instanceof InsecureTrustManagerQuery::InsecureTrustManagerSource
+ private class InsecureTrustManagerSources extends SourceNode instanceof InsecureTrustManager::InsecureTrustManagerSource
 { }
- private class MissingJWTSignatureCheckQuerySources extends SourceNode instanceof MissingJWTSignatureCheckQuery::JwtParserWithInsecureParseSource
- { }
+ private class JwtSources extends SourceNode instanceof Jwt::JwtParserWithInsecureParseSource { }
 private class XssSources extends SourceNode instanceof Xss::XssVulnerableWriterSourceNode { }
diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll
index e38fa37381593..379d52eb54972 100644
--- a/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll
@@ -37,6 +37,13 @@ private predicate cookieStore(DataFlow::Node cookie, Expr store) {
 )
 }
+/**
+ * A class of cookie source nodes.
+ */
+class CookieSource extends DataFlow::Node {
+ CookieSource() { this.asExpr() instanceof Cookie }
+}
+
 /**
 * A class of cookie store sink nodes.
 */
@@ -45,7 +52,7 @@ class CookieStoreSink extends DataFlow::Node {
 }
 private module CookieToStoreFlowConfig implements DataFlow::ConfigSig {
- predicate isSource(DataFlow::Node src) { src.asExpr() instanceof Cookie }
+ predicate isSource(DataFlow::Node src) { src instanceof CookieSource }
 predicate isSink(DataFlow::Node sink) { sink instanceof CookieStoreSink }
 }
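Review bot: The QLDoc on the new `CookieSource` class in CleartextStorageCookieQuery.qll (`A class of cookie source nodes.`) does not say what the class matches or what it is a source for. As written, the characteristic predicate accepts every node whose expression is a `Cookie`, with no condition on the cookie's content visible in the hunk, and the class is not `private`, so `ApiSources.qll` and any other importer now depend on that definition. A more precise comment would be `/** A data-flow node whose expression is a Cookie; the source of CookieToStoreFlowConfig. */`. If the sensitivity of the cookie value is checked elsewhere in the query, the comment should say so, since that check is not part of this class.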