Skip to content

Commit a03e6fa

Browse files
luchua-bcluchua-bc
committed
Optimize the query and update qldoc
1 parent 6a6727f commit a03e6fa

File tree

4 files changed

+7
-145
lines changed

4 files changed

+7
-145
lines changed

java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql

Lines changed: 7 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -64,16 +64,12 @@ class PasswordVarExpr extends Expr {
6464
}
6565
}
6666

67-
/** Holds if `Expr` e is an operand of `AddExpr`. */
68-
predicate hasAddExpr(AddExpr ae, Expr e) {
69-
ae.getAnOperand() = e or
70-
hasAddExpr(ae.getAnOperand(), e)
71-
}
67+
/** Holds if `Expr` e is a direct or indirect operand of `ae`. */
68+
predicate hasAddExpr(AddExpr ae, Expr e) { ae.getAnOperand+() = e }
7269

7370
/** Holds if `MethodAccess` ma has a flow to another `MDHashMethodAccess` call. */
7471
predicate hasAnotherHashCall(MethodAccess ma) {
75-
exists(MethodAccess ma2, DataFlow2::Node node1, DataFlow2::Node node2 |
76-
ma2 instanceof MDHashMethodAccess and
72+
exists(MDHashMethodAccess ma2, DataFlow::Node node1, DataFlow::Node node2 |
7773
ma2 != ma and
7874
node1.asExpr() = ma.getAChildExpr() and
7975
node2.asExpr() = ma2.getAChildExpr() and
@@ -85,29 +81,22 @@ predicate hasAnotherHashCall(MethodAccess ma) {
8581
}
8682

8783
/** Holds if `MethodAccess` ma is a hashing call without a sibling node making another hashing call. */
88-
predicate isSingleHashMethodCall(MethodAccess ma) {
89-
(
90-
ma instanceof MDHashMethodAccess and
91-
not hasAnotherHashCall(ma)
92-
)
93-
}
84+
predicate isSingleHashMethodCall(MDHashMethodAccess ma) { not hasAnotherHashCall(ma) }
9485

9586
/** Holds if `MethodAccess` ma is invoked by `MethodAccess` ma2 either directly or indirectly. */
9687
predicate hasParentCall(MethodAccess ma2, MethodAccess ma) {
97-
ma.getCaller() = ma2.getMethod() and
98-
not ma2 instanceof MDHashMethodAccess
88+
ma.getCaller() = ma2.getMethod()
9989
or
10090
exists(MethodAccess ma3 |
10191
ma.getCaller() = ma3.getMethod() and
102-
not ma3 instanceof MDHashMethodAccess and
10392
hasParentCall(ma2, ma3)
10493
)
10594
}
10695

107-
/** Holds if `MethodAccess` is a single hashing call. */
96+
/** Holds if `MethodAccess` is a single hashing call that is not invoked by a wrapper method. */
10897
predicate isSink(MethodAccess ma) {
10998
isSingleHashMethodCall(ma) and
110-
not exists(MethodAccess ma2 | hasParentCall(ma2, ma))
99+
not exists(MethodAccess ma2 | hasParentCall(ma2, ma)) // Not invoked by a wrapper method which could invoke MDHashMethod in another call stack to reduce FPs
111100
}
112101

113102
/** Sink of hashing calls. */

java/ql/src/semmle/code/java/dataflow/TaintTracking3.qll

Lines changed: 0 additions & 7 deletions
This file was deleted.

java/ql/src/semmle/code/java/dataflow/internal/tainttracking3/TaintTrackingImpl.qll

Lines changed: 0 additions & 115 deletions
This file was deleted.

java/ql/src/semmle/code/java/dataflow/internal/tainttracking3/TaintTrackingParameter.qll

Lines changed: 0 additions & 5 deletions
This file was deleted.

0 commit comments

Comments
 (0)