
Commit e1e5e78

committed
Apply suggestions from code review
- Update CleartextStorage library to latest refactor - Move change note to new location
1 parent d17e973 commit e1e5e78


2 files changed

+4
-14
lines changed

Lines changed: 3 additions & 1 deletion
@@ -1,2 +1,4 @@
1-
lgtm,codescanning
1+
---
2+
category: newQuery
3+
---
24
* The query "Cleartext storage of sensitive information using `SharedPreferences` on Android" (`java/android/cleartext-storage-shared-prefs`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/4675).

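--- a/java/ql/lib/semmle/code/java/security/CleartextStorageSharedPrefsQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/CleartextStorageSharedPrefsQuery.qll
@@ -45,15 +45,14 @@ class SharedPreferencesEditorMethodAccess extends Storable, MethodAccess {
 }
 
 /**
-* Holds if `input` is not encrypted and is the second argument of a setter method
+* Holds if `input` is the second argument of a setter method
 * called on `editor`, which is an instance of `SharedPreferences$Editor`
 * .
 */
 private predicate sharedPreferencesInput(DataFlow::Node editor, Expr input) {
 exists(MethodAccess m |
 m.getMethod() instanceof PutSharedPreferenceMethod and
 input = m.getArgument(1) and
-not exists(EncryptedValueFlowConfig conf | conf.hasFlow(_, DataFlow::exprNode(input))) and
 editor.asExpr() = m.getQualifier()
 )
 }
@@ -91,14 +90,3 @@ private class EncryptedSensitiveMethodAccess extends MethodAccess {
 this.getMethod().getName().toLowerCase().matches(["%encrypt%", "%hash%"])
 }
 }
-
-/** Flow configuration for encryption methods flowing to inputs of `SharedPreferences`. */
-private class EncryptedValueFlowConfig extends DataFlow4::Configuration {
-EncryptedValueFlowConfig() { this = "SensitiveStorage::EncryptedValueFlowConfig" }
-
-override predicate isSource(DataFlow::Node src) {
-src.asExpr() instanceof EncryptedSensitiveMethodAccess
-}
-
-override predicate isSink(DataFlow::Node sink) { sink instanceof SharedPrefsCleartextStorageSink }
-}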
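Review bot: `sharedPreferencesInput` now matches every second argument of a `PutSharedPreferenceMethod` call, because the `not exists(EncryptedValueFlowConfig ...)` conjunct is gone and nothing in these two hunks shows where encrypted or hashed values are filtered instead. If the refactored CleartextStorage library does not apply an equivalent sanitizer, values that were encrypted before being stored will start to be reported as cleartext. The reworded doc comment should say where that exclusion now lives, and it still ends with a stray `* .` line that could be folded into the previous sentence. `EncryptedSensitiveMethodAccess` stays in the file as a private class while its only user visible here, `EncryptedValueFlowConfig`, is deleted; it looks unused unless something outside the hunks references it, so either wire it into the sanitizer or remove it. A test case that stores an encrypted value through `SharedPreferences$Editor` would pin the behaviour either way.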
