From d7ef0da33e9c5bf074dbc03805de287eb645cb6c Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Tue, 15 Aug 2023 23:31:55 -0400 Subject: [PATCH] Refactor HardcodedCredentials to use new SensitiveApi api --- .../code/java/security/HardcodedCredentials.qll | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/java/ql/lib/semmle/code/java/security/HardcodedCredentials.qll b/java/ql/lib/semmle/code/java/security/HardcodedCredentials.qll index 8f7d81a7bd7c0..f4ae5f98f0abb 100644 --- a/java/ql/lib/semmle/code/java/security/HardcodedCredentials.qll +++ b/java/ql/lib/semmle/code/java/security/HardcodedCredentials.qll @@ -59,15 +59,10 @@ abstract class CredentialsSink extends Expr { */ class CredentialsApiSink extends CredentialsSink { CredentialsApiSink() { - exists(Call call, int i | - this = call.getArgument(i) and - ( - javaApiCallableUsernameParam(call.getCallee(), i) or - javaApiCallablePasswordParam(call.getCallee(), i) or - javaApiCallableCryptoKeyParam(call.getCallee(), i) or - otherApiCallableCredentialParam(call.getCallee(), i) - ) - ) + this = any(PasswordParameter p).asExpr() or + this = any(UsernameParameter p).asExpr() or + this = any(CryptoKeyParameter p).asExpr() or + this = any(CredentialParameter p).asExpr() } }