Skip to content

Java: Add/improve insecure trustmanager query #4879

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
smowton merged 28 commits into from
Jun 25, 2021
Merged

Java: Add/improve insecure trustmanager query #4879

Changes from 1 commit
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
87554a7
Java: Add insecure trust manager query.
intrigus Dec 23, 2020
1b96d0a
Java: Remove overlapping code
intrigus Dec 23, 2020
592fd1e
Java: Accept test changes
intrigus Jan 16, 2021
f52e438
Java: Apply suggestions from code review
intrigus-lgtm Jan 27, 2021
030c286
Java: Use machine-in-the-middle consistently
intrigus-lgtm Jan 27, 2021
d37d922
Java: Fix Typos
intrigus Jan 27, 2021
8a7f6b7
Java: Apply suggestions for QHelp
intrigus Jan 27, 2021
e4775e0
Java: Remove "intention-guessing" sanitizer & simplify.
intrigus Apr 10, 2021
6d09db6
Java: Explicitly list custom flow steps.
intrigus Apr 10, 2021
7023793
Java: Fix compilation errors in test.
intrigus Apr 12, 2021
484533c
Java: Flag "intentionally" unsafe methods in tests.
intrigus Apr 12, 2021
6413af4
Java: Expand tests.
intrigus Apr 13, 2021
281e085
Java: Accept test changes.
intrigus Apr 13, 2021
0c1ce74
Java: Switch from tabs to spaces.
intrigus Apr 15, 2021
45cec3d
Java: Use `this` consistently in QL classes.
intrigus Apr 15, 2021
4a00670
Java: Reduce long comment.
intrigus Apr 15, 2021
6f217d3
Java: Apply suggestions from review.
intrigus Apr 15, 2021
51fdcf8
Apply suggestions from code review
intrigus-lgtm Apr 28, 2021
dc0b06a
Java: Factor out `SecurityFlag` library.
intrigus Apr 28, 2021
6bfdf8d
Java: Fix qhelp errors.
intrigus Apr 28, 2021
f0d4b1d
Java: Add change-note.
intrigus May 4, 2021
f527df7
Apply suggestions from code review.
intrigus-lgtm May 5, 2021
fe923fa
Java: Move comments to separate lines.
intrigus May 5, 2021
36575bb
Move back to experimental.........
intrigus Jun 17, 2021
5106aec
Fix test location.
intrigus Jun 17, 2021
be57aec
Remove change-note.
intrigus Jun 17, 2021
a79356e
Apply suggestions from code review
aschackmull Jun 25, 2021
5aa711a
Accept test changes.
intrigus Jun 25, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Apply suggestions from code review
  • Loading branch information
@aschackmull @intrigus
aschackmull authored and intrigus committed Jun 25, 2021
commit a79356e31632c5d9a098add7e1f78143bbe8513f
28 changes: 15 additions & 13 deletions java/ql/src/semmle/code/java/security/SecurityFlag.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,32 +15,34 @@ abstract class FlagKind extends string {
FlagKind() { any() }

/**
* Returns a flag name of this type.
* Gets a flag name of this type.
*/
bindingset[result]
abstract string getAFlagName();

/** Gets a node representing a (likely) security flag. */
DataFlow::Node getAFlag() {
exists(VarAccess v | v.getVariable().getName() = getAFlagName() |
result.asExpr() = v and v.getType() instanceof FlagType
exists(DataFlow::Node flag |
exists(VarAccess v | v.getVariable().getName() = getAFlagName() |
flag.asExpr() = v and v.getType() instanceof FlagType
)
or
exists(StringLiteral s | s.getRepresentedString() = getAFlagName() | flag.asExpr() = s)
or
exists(MethodAccess ma | ma.getMethod().getName() = getAFlagName() |
flag.asExpr() = ma and
ma.getType() instanceof FlagType
)
|
flagFlowStep*(flag, result)
)
or
exists(StringLiteral s | s.getRepresentedString() = getAFlagName() | result.asExpr() = s)
or
exists(MethodAccess ma | ma.getMethod().getName() = getAFlagName() |
result.asExpr() = ma and
ma.getType() instanceof FlagType
)
or
flagFlowStep*(getAFlag(), result)
}
}

/**
* Flags suggesting an optional feature, perhaps deliberately insecure.
*/
class SecurityFeatureFlag extends FlagKind {
private class SecurityFeatureFlag extends FlagKind {
SecurityFeatureFlag() { this = "SecurityFeatureFlag" }

bindingset[result]
Expand Down