Add a superclass for credential nodes
egregius313 committed Aug 22, 2023
1 parent dccb394 commit 2d458f7
Showing 2 changed files with 12 additions and 19 deletions.
Expand Up @@ -58,12 +58,7 @@ abstract class CredentialsSink extends Expr {
* credentials.
*/
class CredentialsApiSink extends CredentialsSink {
CredentialsApiSink() {
this = any(PasswordParameter p).asExpr() or
this = any(UsernameParameter p).asExpr() or
this = any(CryptoKeyParameter p).asExpr() or
this = any(CredentialParameter p).asExpr()
}
CredentialsApiSink() { this = any(CredentialSinkNode csn).asExpr() }
}

/**
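Review bot: The single-line constructor `this = any(CredentialSinkNode csn).asExpr()` appears to drop the `credential-other` sink kind: the four-way disjunction it replaces included `CredentialParameter`, and none of the `CredentialSinkNode` subclasses shown in `SensitiveApi.qll` binds `sinkNode(this, "credential-other")`. Unless such a subclass exists outside the shown hunks, models tagged `credential-other` silently stop being `CredentialsApiSink`s and every query built on `CredentialsSink` loses those results without any compile error. Add the missing subclass, for example `class CredentialOtherSink extends CredentialSinkNode { CredentialOtherSink() { sinkNode(this, "credential-other") } }`, and a test case showing that a `credential-other` model is still flagged.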
24 changes: 11 additions & 13 deletions java/ql/lib/semmle/code/java/security/SensitiveApi.qll
Expand Up @@ -7,31 +7,29 @@ private import semmle.code.java.dataflow.DataFlow
private import semmle.code.java.dataflow.ExternalFlow

/**
* A node representing a password being passed to a method.
* A node which represents the use of a credential.
*/
class PasswordParameter extends DataFlow::Node {
PasswordParameter() { sinkNode(this, "credential-password") }
}
abstract class CredentialSinkNode extends DataFlow::Node { }

/**
* A node representing a username being passed to a method.
* A node representing a password being passed to a method.
*/
class UsernameParameter extends DataFlow::Node {
UsernameParameter() { sinkNode(this, "credential-username") }
class PasswordSink extends CredentialSinkNode {
PasswordSink() { sinkNode(this, "credential-password") }
}

/**
* A node representing a cryptographic key being passed to a method.
* A node representing a username being passed to a method.
*/
class CryptoKeyParameter extends DataFlow::Node {
CryptoKeyParameter() { sinkNode(this, "crypto-parameter") }
class UsernameSink extends CredentialSinkNode {
UsernameSink() { sinkNode(this, "credential-username") }
}

/**
* A node representing a credential being passed to a method.
* A node representing a cryptographic key being passed to a method.
*/
class CredentialParameter extends DataFlow::Node {
CredentialParameter() { sinkNode(this, "credential-other") }
class CryptoKeySink extends CredentialSinkNode {
CryptoKeySink() { sinkNode(this, "crypto-parameter") }
}

/**
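Review bot: `PasswordParameter`, `UsernameParameter` and `CryptoKeyParameter` are renamed to `PasswordSink`, `UsernameSink` and `CryptoKeySink` with no aliases left behind, so any query outside this commit that imports `SensitiveApi.qll` and uses the old names stops compiling. If the old names have already shipped in a released pack, keep them as deprecated aliases, one per renamed class, e.g. `deprecated class PasswordParameter = PasswordSink;`. The QLDoc on `CredentialSinkNode` could also say that it is the extension point, something like `Extend this class to add credential sinks that are not expressed as sink models.` The comment block opened on the last line of this hunk continues outside it.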