Skip to content

Commit 4a77f45

Browse files
masterofnowmasterofnow
committed
Minor adjustment to resolve error for codeql version 2.15.4
1 parent 99b273d commit 4a77f45

File tree

1 file changed

+7
-7
lines changed

1 file changed

+7
-7
lines changed

java/ql/src/experimental/Security/CWE/CWE-470/LoadClassNoSignatureCheck.ql

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ import semmle.code.java.dataflow.TaintTracking
2020

2121
MethodAccess getClassLoaderReachableMethodAccess(DataFlow::Node node)
2222
{
23-
exists(MethodCall maGetClassLoader |
23+
exists(MethodAccess maGetClassLoader |
2424
maGetClassLoader.getCallee().getName() = "getClassLoader" and
2525
maGetClassLoader.getQualifier() = node.asExpr() and
2626
result = maGetClassLoader.getControlFlowNode().getASuccessor+()
@@ -44,7 +44,7 @@ MethodAccess getDangerousReachableMethodAccess(MethodAccess ma)
4444

4545
module SignaturePackageConfig implements DataFlow::ConfigSig {
4646
predicate isSource(DataFlow::Node source) {
47-
exists(MethodCall maCheckSignatures |
47+
exists(MethodAccess maCheckSignatures |
4848
maCheckSignatures
4949
.getMethod()
5050
.hasQualifiedName("android.content.pm", "PackageManager", "checkSignatures") and
@@ -70,16 +70,16 @@ predicate isSignaturesChecked(MethodAccess maCreatePackageContext)
7070
}
7171

7272
from
73-
MethodCall maCreatePackageContext, LocalVariableDeclExpr lvdePackageContext,
74-
Expr sinkPackageContext, MethodCall maGetMethod, MethodCall maInvoke
73+
MethodAccess maCreatePackageContext, LocalVariableDeclExpr lvdePackageContext,
74+
DataFlow::Node sinkPackageContext, MethodAccess maGetMethod, MethodAccess maInvoke
7575
where
7676
maCreatePackageContext
7777
.getMethod()
7878
.hasQualifiedName("android.content", ["ContextWrapper", "Context"], "createPackageContext") and
7979
not isSignaturesChecked(maCreatePackageContext) and
8080
lvdePackageContext.getEnclosingStmt() = maCreatePackageContext.getEnclosingStmt() and
81-
TaintTracking::localExprTaint(lvdePackageContext.getAnAccess(), sinkPackageContext) and
82-
getClassLoaderReachableMethodCall(sinkPackageContext) = maGetMethod and
83-
getGetMethodMethodCall(maGetMethod) = maInvoke
81+
TaintTracking::localTaint(DataFlow::exprNode(lvdePackageContext.getAnAccess()), sinkPackageContext) and
82+
getClassLoaderReachableMethodAccess(sinkPackageContext) = maGetMethod and
83+
getDangerousReachableMethodAccess(maGetMethod) = maInvoke
8484
select maInvoke, "Potential arbitary code execution due to $@ without $@ signature checking.", sinkPackageContext, "class loading", sinkPackageContext, "package"
8585

0 commit comments

Comments
 (0)