
Commit a34a517

Add SyntheticFields for JwsHeader
Co-authored-by: Tony Torralba <[email protected]>
1 parent 62cbcdb commit a34a517


3 files changed

+16
-4
lines changed


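--- a/java/ql/lib/ext/io.jsonwebtoken.model.yml
+++ b/java/ql/lib/ext/io.jsonwebtoken.model.yml
@@ -3,10 +3,10 @@ extensions:
 pack: codeql/java-all
 extensible: summaryModel
 data:
-- ["io.jsonwebtoken", "JwsHeader", True, "getAlgorithm", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
-- ["io.jsonwebtoken", "JwsHeader", True, "setAlgorithm", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
-- ["io.jsonwebtoken", "JwsHeader", True, "getKeyId", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
-- ["io.jsonwebtoken", "JwsHeader", True, "setKeyId", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+- ["io.jsonwebtoken", "JwsHeader", True, "getAlgorithm", "", "", "Argument[this].SyntheticField[io.jsonwebtoken.JwsHeader.algorithm]", "ReturnValue", "taint", "manual"]
+- ["io.jsonwebtoken", "JwsHeader", True, "setAlgorithm", "", "", "Argument[0]", "Argument[this].SyntheticField[io.jsonwebtoken.JwsHeader.algorithm]", "taint", "manual"]
+- ["io.jsonwebtoken", "JwsHeader", True, "getKeyId", "", "", "Argument[this].SyntheticField[io.jsonwebtoken.JwsHeader.keyId]", "ReturnValue", "taint", "manual"]
+- ["io.jsonwebtoken", "JwsHeader", True, "setKeyId", "", "", "Argument[0]", "Argument[this].SyntheticField[io.jsonwebtoken.JwsHeader.keyId]", "taint", "manual"]
 - addsTo:
 pack: codeql/java-all
 extensible: sourceModel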
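Review bot: The four rewritten `JwsHeader` rows keep the kind `taint` even though each one now stores into or reads from a named synthetic field. If these accessors pass the string through unchanged, as their names suggest, `value` would be the more precise kind, e.g. `- ["io.jsonwebtoken", "JwsHeader", True, "setAlgorithm", "", "", "Argument[0]", "Argument[this].SyntheticField[io.jsonwebtoken.JwsHeader.algorithm]", "value", "manual"]`, and likewise for `getAlgorithm`, `getKeyId` and `setKeyId`. With `taint`, a query that follows value flow only will not see an `alg` or `kid` string carried from the setter to the getter. None of the three changed files is a test, so a flow test covering set-then-get and a header that is tainted as a whole would pin the new behaviour.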

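--- a/java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll
@@ -18,6 +18,7 @@ private module Frameworks {
 private import semmle.code.java.frameworks.ApacheHttp
 private import semmle.code.java.frameworks.guava.Guava
 private import semmle.code.java.frameworks.Guice
+private import semmle.code.java.frameworks.IoJsonWebToken
 private import semmle.code.java.frameworks.jackson.JacksonSerializability
 private import semmle.code.java.frameworks.Properties
 private import semmle.code.java.frameworks.Protobuf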
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
/** Predicates and classes to reason about the `io.jsonwebtoken` library. */
2+
3+
import java
4+
private import semmle.code.java.dataflow.DataFlow
5+
private import semmle.code.java.dataflow.FlowSteps
6+
7+
private class JwsHeaderFieldsInheritTaint extends DataFlow::SyntheticFieldContent,
8+
TaintInheritingContent
9+
{
10+
JwsHeaderFieldsInheritTaint() { this.getField().matches("io.jsonwebtoken.JwsHeader.%") }
11+
}
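Review bot: `JwsHeaderFieldsInheritTaint` has no comment saying why it is needed, and the reason is not obvious from the class alone. Once the getters read from `SyntheticField[...]` instead of `Argument[this]`, a header that is tainted as a whole (for example one taken from a token that has not been verified) would presumably stop tainting `getAlgorithm()` and `getKeyId()` unless these fields inherit taint. I would add `/** Synthetic fields of JwsHeader; reading one from a tainted header yields a tainted value. */` above the class. The `matches("io.jsonwebtoken.JwsHeader.%")` prefix also covers any synthetic field introduced under that name later; if only `algorithm` and `keyId` are meant, name them explicitly, otherwise state in the comment that the wildcard is deliberate.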
