Skip to content

Commit 6770d2a

Browse files
aschackmullaschackmull
committed
Java: Exclude source-to-source flow in 5 queries.
1 parent 1c8297b commit 6770d2a

File tree

5 files changed

+12
-0
lines changed

5 files changed

+12
-0
lines changed

java/ql/lib/semmle/code/java/security/ArithmeticTaintedQuery.qll

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,8 @@ module RemoteUserInputOverflowConfig implements DataFlow::ConfigSig {
1111
predicate isSink(DataFlow::Node sink) { overflowSink(_, sink.asExpr()) }
1212

1313
predicate isBarrier(DataFlow::Node n) { overflowBarrier(n) }
14+
15+
predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
1416
}
1517

1618
/** A taint-tracking configuration to reason about underflow from unvalidated user input. */
@@ -20,6 +22,8 @@ module RemoteUserInputUnderflowConfig implements DataFlow::ConfigSig {
2022
predicate isSink(DataFlow::Node sink) { underflowSink(_, sink.asExpr()) }
2123

2224
predicate isBarrier(DataFlow::Node n) { underflowBarrier(n) }
25+
26+
predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
2327
}
2428

2529
/** Taint-tracking flow for overflow from unvalidated user input. */

java/ql/lib/semmle/code/java/security/ImproperValidationOfArrayIndexQuery.qll

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,8 @@ module ImproperValidationOfArrayIndexConfig implements DataFlow::ConfigSig {
1515
}
1616

1717
predicate isBarrier(DataFlow::Node node) { node.getType() instanceof BooleanType }
18+
19+
predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
1820
}
1921

2022
/**

java/ql/lib/semmle/code/java/security/LogInjectionQuery.qll

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,8 @@ module LogInjectionConfig implements DataFlow::ConfigSig {
3636
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
3737
any(LogInjectionAdditionalTaintStep c).step(node1, node2)
3838
}
39+
40+
predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
3941
}
4042

4143
/**

java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -100,6 +100,8 @@ module NumericCastFlowConfig implements DataFlow::ConfigSig {
100100
node.getEnclosingCallable() instanceof HashCodeMethod or
101101
exists(RightShiftOp e | e.getShiftedVariable().getAnAccess() = node.asExpr())
102102
}
103+
104+
predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
103105
}
104106

105107
/**

java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -51,6 +51,8 @@ module RequestForgeryConfig implements DataFlow::ConfigSig {
5151
}
5252

5353
predicate isBarrier(DataFlow::Node node) { node instanceof RequestForgerySanitizer }
54+
55+
predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
5456
}
5557

5658
module RequestForgeryFlow = TaintTracking::Global<RequestForgeryConfig>;

0 commit comments

Comments
 (0)