github
diff --git a/‎java/ql/lib/semmle/code/java/security/InsecureBasicAuth.qll
Lines changed: 45 additions & 0 deletions b/‎java/ql/lib/semmle/code/java/security/InsecureBasicAuth.qll
Lines changed: 45 additions & 0 deletions
diff --git a/‎java/ql/src/semmle/code/java/security/InsecureBasicAuthQuery.qll renamed to ‎java/ql/lib/semmle/code/java/security/InsecureBasicAuthQuery.qll
Lines changed: 2 additions & 1 deletion b/‎java/ql/src/semmle/code/java/security/InsecureBasicAuthQuery.qll renamed to ‎java/ql/lib/semmle/code/java/security/InsecureBasicAuthQuery.qll
Lines changed: 2 additions & 1 deletion
diff --git a/‎java/ql/src/semmle/code/java/security/InsecureBasicAuth.qll
Lines changed: 0 additions & 259 deletions b/‎java/ql/src/semmle/code/java/security/InsecureBasicAuth.qll
Lines changed: 0 additions & 259 deletions
@@ -0,0 +1,45 @@
+/** Provides classes and predicates to reason about Insecure Basic Authentication vulnerabilities. */
+
+import java
+import semmle.code.java.dataflow.DataFlow
+import semmle.code.java.dataflow.TaintTracking
+import semmle.code.java.security.HttpsUrls
+
+/**
+ * A source that represents HTTP URLs.
+ * Extend this class to add your own Insecure Basic Authentication sources.
+ */
+abstract class InsecureBasicAuthSource extends DataFlow::Node { }
+
+/** A default source representing HTTP strings, URLs or URIs. */
+private class DefaultInsecureBasicAuthSource extends InsecureBasicAuthSource {
+  DefaultInsecureBasicAuthSource() { this.asExpr() instanceof HttpStringLiteral }
+}
+
+/**
+ * A sink that represents a method that sets Basic Authentication.
+ * Extend this class to add your own Insecure Basic Authentication sinks.
+ */
+abstract class InsecureBasicAuthSink extends DataFlow::Node { }
+
+/** A default sink representing methods that set an Authorization header. */
+private class DefaultInsecureBasicAuthSink extends InsecureBasicAuthSink {
+  DefaultInsecureBasicAuthSink() {
+    exists(MethodAccess ma |
+      ma.getMethod().hasName("addHeader") or
+      ma.getMethod().hasName("setHeader") or
+      ma.getMethod().hasName("setRequestProperty")
+    |
+      this.asExpr() = ma.getQualifier() and
+      ma.getArgument(0).(CompileTimeConstantExpr).getStringValue() = "Authorization" and
+      TaintTracking::localExprTaint(any(BasicAuthString b), ma.getArgument(1))
+    )
+  }
+}
+
+/**
+ * String pattern of basic authentication.
+ */
+private class BasicAuthString extends StringLiteral {
+  BasicAuthString() { exists(string s | this.getRepresentedString() = s | s.matches("Basic %")) }
+}
@@ -1,6 +1,7 @@
 /** Provides taint tracking configurations to be used in Insecure Basic Authentication queries. */
 
 import java
+import semmle.code.java.security.HttpsUrls
 import semmle.code.java.security.InsecureBasicAuth
 import semmle.code.java.dataflow.TaintTracking
 
@@ -16,6 +17,6 @@ class BasicAuthFlowConfig extends TaintTracking::Configuration {
   override predicate isSink(DataFlow::Node sink) { sink instanceof InsecureBasicAuthSink }
 
   override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    any(InsecureBasicAuthAdditionalTaintStep c).step(node1, node2)
+    any(HttpUrlsAdditionalTaintStep c).step(node1, node2)
   }
 }
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,7 @@`
`1`	`1`	`/** Provides taint tracking configurations to be used in Insecure Basic Authentication queries. */`
`2`	`2`
`3`	`3`	`import java`
	`4`	`+import semmle.code.java.security.HttpsUrls`
`4`	`5`	`import semmle.code.java.security.InsecureBasicAuth`
`5`	`6`	`import semmle.code.java.dataflow.TaintTracking`
`6`	`7`
`@@ -16,6 +17,6 @@ class BasicAuthFlowConfig extends TaintTracking::Configuration {`
`16`	`17`	`override predicate isSink(DataFlow::Node sink) { sink instanceof InsecureBasicAuthSink }`
`17`	`18`
`18`	`19`	`override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {`
`19`		`- any(InsecureBasicAuthAdditionalTaintStep c).step(node1, node2)`
	`20`	`+ any(HttpUrlsAdditionalTaintStep c).step(node1, node2)`
`20`	`21`	`}`
`21`	`22`	`}`