Skip to content

Commit 94768f4

Browse files
egregius313egregius313
committed
Refactor HashWithoutSalt
1 parent cb73911 commit 94768f4

File tree

1 file changed

+9
-9
lines changed

1 file changed

+9
-9
lines changed

java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@
1212

1313
import java
1414
import semmle.code.java.dataflow.TaintTracking
15-
import DataFlow::PathGraph
15+
import HashWithoutSaltFlow::PathGraph
1616

1717
/**
1818
* Gets a regular expression for matching common names of variables
@@ -138,12 +138,10 @@ class HashWithoutSaltSink extends DataFlow::ExprNode {
138138
* Taint configuration tracking flow from an expression whose name suggests it holds password data
139139
* to a method call that generates a hash without a salt.
140140
*/
141-
class HashWithoutSaltConfiguration extends TaintTracking::Configuration {
142-
HashWithoutSaltConfiguration() { this = "HashWithoutSaltConfiguration" }
141+
module HashWithoutSaltConfig implements DataFlow::ConfigSig {
142+
predicate isSource(DataFlow::Node source) { source.asExpr() instanceof PasswordVarExpr }
143143

144-
override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof PasswordVarExpr }
145-
146-
override predicate isSink(DataFlow::Node sink) { sink instanceof HashWithoutSaltSink }
144+
predicate isSink(DataFlow::Node sink) { sink instanceof HashWithoutSaltSink }
147145

148146
/**
149147
* Holds if a password is concatenated with a salt then hashed together through the call `System.arraycopy(password.getBytes(), ...)`, for example,
@@ -152,7 +150,7 @@ class HashWithoutSaltConfiguration extends TaintTracking::Configuration {
152150
* `byte[] messageDigest = md.digest(allBytes);`
153151
* Or the password is concatenated with a salt as a string.
154152
*/
155-
override predicate isSanitizer(DataFlow::Node node) {
153+
predicate isBarrier(DataFlow::Node node) {
156154
exists(MethodAccess ma |
157155
ma.getMethod().getDeclaringType().hasQualifiedName("java.lang", "System") and
158156
ma.getMethod().hasName("arraycopy") and
@@ -176,6 +174,8 @@ class HashWithoutSaltConfiguration extends TaintTracking::Configuration {
176174
}
177175
}
178176

179-
from DataFlow::PathNode source, DataFlow::PathNode sink, HashWithoutSaltConfiguration cc
180-
where cc.hasFlowPath(source, sink)
177+
module HashWithoutSaltFlow = TaintTracking::Global<HashWithoutSaltConfig>;
178+
179+
from HashWithoutSaltFlow::PathNode source, HashWithoutSaltFlow::PathNode sink
180+
where HashWithoutSaltFlow::flowPath(source, sink)
181181
select sink, source, sink, "$@ is hashed without a salt.", source, "The password"

0 commit comments

Comments
 (0)