From 327dab69d05961b597ff0b57042a0326085897df Mon Sep 17 00:00:00 2001
From: Michael Nebel
Date: Mon, 17 Jun 2024 11:02:08 +0200
Subject: [PATCH 1/3] Java: Opt-in the tainted permissions check query to threat models.
---
 .../semmle/code/java/security/TaintedPermissionsCheckQuery.qll | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/ql/lib/semmle/code/java/security/TaintedPermissionsCheckQuery.qll b/java/ql/lib/semmle/code/java/security/TaintedPermissionsCheckQuery.qll
index 92aba6dfa04c..132e8a3fadf2 100644
--- a/java/ql/lib/semmle/code/java/security/TaintedPermissionsCheckQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/TaintedPermissionsCheckQuery.qll
@@ -54,7 +54,7 @@ private class WildCardPermissionConstruction extends ClassInstanceExpr, Permissi
 * A configuration for tracking flow from user input to a permissions check.
 */
 module TaintedPermissionsCheckFlowConfig implements DataFlow::ConfigSig {
- predicate isSource(DataFlow::Node source) { source instanceof UserInput }
+ predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
 predicate isSink(DataFlow::Node sink) {
 sink.asExpr() = any(PermissionsConstruction p).getInput()
From c3862660e465d8419e01a3822aa8b6040b3e1778 Mon Sep 17 00:00:00 2001
From: Michael Nebel
Date: Mon, 17 Jun 2024 11:07:29 +0200
Subject: [PATCH 2/3] Java: Add change note.
---
 .../src/change-notes/2024-06-17-tainted-permissions-check.md | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 java/ql/src/change-notes/2024-06-17-tainted-permissions-check.md
diff --git a/java/ql/src/change-notes/2024-06-17-tainted-permissions-check.md b/java/ql/src/change-notes/2024-06-17-tainted-permissions-check.md
new file mode 100644
index 000000000000..d521b2420986
--- /dev/null
+++ b/java/ql/src/change-notes/2024-06-17-tainted-permissions-check.md
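Review bot: The QLDoc above `TaintedPermissionsCheckFlowConfig` in TaintedPermissionsCheckQuery.qll still says "tracking flow from user input to a permissions check", but with `isSource` now matching `ThreatModelFlowSource` the set of sources depends on which threat models are enabled. Per the change note later in this series, `local` sources are no longer reported by default. I would reword the comment to `A configuration for tracking flow from sources in the enabled threat models to a permissions check.` so that someone triaging a missing alert knows to check the threat-model configuration first. The series as shown touches only the library file and the change note, so it is worth confirming that the query's tests cover both the default configuration and a run with the `local` threat model enabled. The module body continues past the end of the hunk.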
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Enable threat models for the query `java/tainted-permissions-check`. This means that `local` sources are no longer included by default for this query, but can be added by enabling the `local` threat model.
From 5686efd25c33417b6bcf35147e2f4c77b4d36da3 Mon Sep 17 00:00:00 2001
From: Michael Nebel
Date: Mon, 17 Jun 2024 16:47:22 +0200
Subject: [PATCH 3/3] Update java/ql/src/change-notes/2024-06-17-tainted-permissions-check.md
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
---
 .../ql/src/change-notes/2024-06-17-tainted-permissions-check.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/ql/src/change-notes/2024-06-17-tainted-permissions-check.md b/java/ql/src/change-notes/2024-06-17-tainted-permissions-check.md
index d521b2420986..3cef94d4523c 100644
--- a/java/ql/src/change-notes/2024-06-17-tainted-permissions-check.md
+++ b/java/ql/src/change-notes/2024-06-17-tainted-permissions-check.md
@@ -1,4 +1,4 @@
 ---
 category: minorAnalysis
 ---
-* Enable threat models for the query `java/tainted-permissions-check`. This means that `local` sources are no longer included by default for this query, but can be added by enabling the `local` threat model.
+* The query `java/tainted-permissions-check` now uses threat models. This means that `local` sources are no longer included by default for this query, but can be added by enabling the `local` threat model.