Skip to content

Commit 3aedd2c

Browse files
author
edvraa
committed
Use TaintTracking2
1 parent 773556e commit 3aedd2c

File tree

3 files changed

+9
-72
lines changed

3 files changed

+9
-72
lines changed

csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -24,12 +24,12 @@ class LocalSource extends Source {
2424
LocalSource() { this instanceof LocalFlowSource }
2525
}
2626

27-
from
28-
TaintToObjectMethodTrackingConfig taintTracking, DataFlow::PathNode userInput,
29-
DataFlow::PathNode deserializeCallArg
27+
from DataFlow::PathNode userInput, DataFlow::PathNode deserializeCallArg
3028
where
31-
// all flows from user input to deserialization with weak and strong type serializers
32-
taintTracking.hasFlowPath(userInput, deserializeCallArg) and
29+
exists(TaintToObjectMethodTrackingConfig taintTracking |
30+
// all flows from user input to deserialization with weak and strong type serializers
31+
taintTracking.hasFlowPath(userInput, deserializeCallArg)
32+
) and
3333
// intersect with strong types, but user controlled or weak types deserialization usages
3434
(
3535
exists(

csharp/ql/src/semmle/code/csharp/security/dataflow/UnsafeDeserialization.qll

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ import csharp
77

88
module UnsafeDeserialization {
99
private import semmle.code.csharp.serialization.Deserializers
10+
private import semmle.code.csharp.dataflow.TaintTracking2
1011

1112
/**
1213
* A data flow source for unsafe deserialization vulnerabilities.
@@ -57,7 +58,7 @@ module UnsafeDeserialization {
5758
/**
5859
* User input to instance type flow tracking.
5960
*/
60-
class TaintToObjectTypeTrackingConfig extends TaintTracking::Configuration {
61+
class TaintToObjectTypeTrackingConfig extends TaintTracking2::Configuration {
6162
TaintToObjectTypeTrackingConfig() { this = "TaintToObjectTypeTrackingConfig" }
6263

6364
override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -90,7 +91,7 @@ module UnsafeDeserialization {
9091
/**
9192
* Unsafe deserializer creation to usage tracking config.
9293
*/
93-
class WeakTypeCreationToUsageTrackingConfig extends TaintTracking::Configuration {
94+
class WeakTypeCreationToUsageTrackingConfig extends TaintTracking2::Configuration {
9495
WeakTypeCreationToUsageTrackingConfig() { this = "DeserializerCreationToUsageTrackingConfig" }
9596

9697
override predicate isSource(DataFlow::Node source) {
@@ -111,7 +112,7 @@ module UnsafeDeserialization {
111112
/**
112113
* Safe deserializer creation to usage tracking config.
113114
*/
114-
abstract class SafeConstructorTrackingConfig extends TaintTracking::Configuration {
115+
abstract class SafeConstructorTrackingConfig extends TaintTracking2::Configuration {
115116
bindingset[this]
116117
SafeConstructorTrackingConfig() { any() }
117118
}

0 commit comments

Comments
 (0)