Draft work
egregius313 committed Jul 10, 2023
1 parent b07db1a commit 8f3db49
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions java/ql/lib/semmle/code/java/security/WeakRandomnessQuery.qll
@@ -2,6 +2,7 @@

import java
import semmle.code.java.frameworks.Servlets
import semmle.code.java.security.SensitiveActions
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.security.RandomQuery

@@ -74,6 +75,10 @@ private class CookieSink extends WeakRandomnessSink {
}
}

private class SensitiveActionSink extends WeakRandomnessSink {
SensitiveActionSink() { this.asExpr() instanceof SensitiveExpr }
}

/**
* Holds if there is a method access which converts `bytes` to the string `str`.
*/
@@ -93,7 +98,13 @@ module WeakRandomnessConfig implements DataFlow::ConfigSig {

predicate isBarrier(DataFlow::Node n) { n.getTypeBound() instanceof SafeRandomImplementation }

predicate isBarrierIn(DataFlow::Node n) { isSource(n) }

predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
n1.asExpr() = n2.asExpr().(BinaryExpr).getAnOperand()
or
n1.asExpr() = n2.asExpr().(UnaryExpr).getExpr()
or
exists(MethodAccess ma, Method m |
n1.asExpr() = ma.getQualifier() and
ma.getMethod() = m and
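Review bot: The `BinaryExpr` and `UnaryExpr` disjuncts in `isAdditionalFlowStep` (apparently the added ones; the page has lost its +/- markers) carry taint through every binary and unary operator, including comparisons and equality tests whose boolean result no longer holds the random value. Combined with `SensitiveActionSink`, which accepts any expression that `SensitiveExpr` matches, this is likely to widen results with false positives. Consider narrowing the first disjunct, for example `n1.asExpr() = n2.asExpr().(BinaryExpr).getAnOperand() and not n2.asExpr() instanceof ComparisonExpr and not n2.asExpr() instanceof EqualityTest`. `SensitiveActionSink` also has no QLDoc; a line such as `/** A sink for weak randomness flowing into a sensitive expression. */` would state what it models. The predicate body continues past the visible lines, and this one-file commit carries no test for the new sink or steps.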
