Remove specific method name in additional taint step

luchua-bc · luchua-bc · commit b56fe2b25f64 · 2021-01-07T16:31:21.000Z
diff --git a/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql b/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql
@@ -76,11 +76,10 @@ class HashWithoutSaltConfiguration extends TaintTracking::Configuration {
     )
   }
 
-  /** Holds for additional steps that flow to a method call of `update` or `digest` declared in `java.security.MessageDigest`. */
+  /** Holds for additional steps that flow to additional method calls of the type `java.security.MessageDigest`. */
   override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
     exists(MethodAccess ma |
       ma.getMethod().getDeclaringType() instanceof MessageDigest and
-      ma.getMethod().hasName(["digest", "update"]) and
       pred.asExpr() = ma.getAnArgument() and
       (succ.asExpr() = ma or succ.asExpr() = ma.getQualifier())
     )

Original file line number	Diff line number	Diff line change
`@@ -76,11 +76,10 @@ class HashWithoutSaltConfiguration extends TaintTracking::Configuration {`
`76`	`76`	`)`
`77`	`77`	`}`
`78`	`78`
`79`		- /** Holds for additional steps that flow to a method call of `update` or `digest` declared in `java.security.MessageDigest`. */
	`79`	+ /** Holds for additional steps that flow to additional method calls of the type `java.security.MessageDigest`. */
`80`	`80`	`override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {`
`81`	`81`	`exists(MethodAccess ma \|`
`82`	`82`	`ma.getMethod().getDeclaringType() instanceof MessageDigest and`
`83`		`- ma.getMethod().hasName(["digest", "update"]) and`
`84`	`83`	`pred.asExpr() = ma.getAnArgument() and`
`85`	`84`	`(succ.asExpr() = ma or succ.asExpr() = ma.getQualifier())`
`86`	`85`	`)`