Commit
Java: Improve the Api sources and sinks implementation.
1 parent
b754706
commit f95b330
Showing
34 changed files
with
154 additions
and
214 deletions.
@@ -1,122 +1,39 @@ | ||
/** Provides classes representing various flow sinks for data flow / taint tracking. */ | ||
|
||
private import semmle.code.java.dataflow.DataFlow | ||
private import semmle.code.java.dataflow.ExternalFlow | ||
private import semmle.code.java.dataflow.FlowSinks as FlowSinks | ||
|
||
/** | ||
* A data flow sink node. | ||
*/ | ||
abstract class SinkNode extends DataFlow::Node { } | ||
final class SinkNode = FlowSinks::ApiSinkNode; | ||
|
||
/** | ||
* Module that adds all API like sinks to `SinkNode`, excluding sinks for cryptography based | ||
* queries, and queries where sinks are not succifiently defined (eg. using broad method name matching). | ||
*/ | ||
private module ApiSinks { | ||
private import semmle.code.java.security.AndroidSensitiveCommunicationQuery as AndroidSensitiveCommunicationQuery | ||
private import semmle.code.java.security.ArbitraryApkInstallation as ArbitraryApkInstallation | ||
private import semmle.code.java.security.CleartextStorageAndroidDatabaseQuery as CleartextStorageAndroidDatabaseQuery | ||
private import semmle.code.java.security.CleartextStorageAndroidFilesystemQuery as CleartextStorageAndroidFilesystemQuery | ||
private import semmle.code.java.security.CleartextStorageCookieQuery as CleartextStorageCookieQuery | ||
private import semmle.code.java.security.CleartextStorageSharedPrefsQuery as CleartextStorageSharedPrefsQuery | ||
private import semmle.code.java.security.ExternallyControlledFormatStringQuery as ExternallyControlledFormatStringQuery | ||
private import semmle.code.java.security.InsecureBasicAuth as InsecureBasicAuth | ||
private import semmle.code.java.security.IntentUriPermissionManipulation as IntentUriPermissionManipulation | ||
private import semmle.code.java.security.InsecureLdapAuth as InsecureLdapAuth | ||
private import semmle.code.java.security.InsecureTrustManager as InsecureTrustManager | ||
private import semmle.code.java.security.JndiInjection as JndiInjection | ||
private import semmle.code.java.security.JWT as Jwt | ||
private import semmle.code.java.security.OgnlInjection as OgnlInjection | ||
private import semmle.code.java.security.SensitiveResultReceiverQuery as SensitiveResultReceiverQuery | ||
private import semmle.code.java.security.SensitiveUiQuery as SensitiveUiQuery | ||
private import semmle.code.java.security.SpelInjection as SpelInjection | ||
private import semmle.code.java.security.SpelInjectionQuery as SpelInjectionQuery | ||
private import semmle.code.java.security.QueryInjection as QueryInjection | ||
private import semmle.code.java.security.TempDirLocalInformationDisclosureQuery as TempDirLocalInformationDisclosureQuery | ||
private import semmle.code.java.security.UnsafeAndroidAccess as UnsafeAndroidAccess | ||
private import semmle.code.java.security.UnsafeContentUriResolution as UnsafeContentUriResolution | ||
private import semmle.code.java.security.UnsafeDeserializationQuery as UnsafeDeserializationQuery | ||
private import semmle.code.java.security.UrlRedirect as UrlRedirect | ||
private import semmle.code.java.security.WebviewDebuggingEnabledQuery as WebviewDebuggingEnabledQuery | ||
private import semmle.code.java.security.XPath as Xpath | ||
private import semmle.code.java.security.XSS as Xss | ||
|
||
private class AndoidIntentRedirectionQuerySinks extends SinkNode instanceof AndroidSensitiveCommunicationQuery::SensitiveCommunicationSink | ||
{ } | ||
|
||
private class ArbitraryApkInstallationSinks extends SinkNode instanceof ArbitraryApkInstallation::SetDataSink | ||
{ } | ||
|
||
private class CleartextStorageAndroidDatabaseQuerySinks extends SinkNode instanceof CleartextStorageAndroidDatabaseQuery::LocalDatabaseSink | ||
{ } | ||
|
||
private class CleartextStorageAndroidFilesystemQuerySinks extends SinkNode instanceof CleartextStorageAndroidFilesystemQuery::LocalFileSink | ||
{ } | ||
|
||
private class CleartextStorageCookieQuerySinks extends SinkNode instanceof CleartextStorageCookieQuery::CookieStoreSink | ||
{ } | ||
|
||
private class CleartextStorageSharedPrefsQuerySinks extends SinkNode instanceof CleartextStorageSharedPrefsQuery::SharedPreferencesSink | ||
{ } | ||
|
||
private class ExternallyControlledFormatStringQuerySinks extends SinkNode instanceof ExternallyControlledFormatStringQuery::StringFormatSink | ||
{ } | ||
|
||
private class InsecureBasicAuthSinks extends SinkNode instanceof InsecureBasicAuth::InsecureBasicAuthSink | ||
{ } | ||
|
||
private class InsecureTrustManagerSinks extends SinkNode instanceof InsecureTrustManager::InsecureTrustManagerSink | ||
{ } | ||
|
||
private class IntentUriPermissionManipulationSinks extends SinkNode instanceof IntentUriPermissionManipulation::IntentUriPermissionManipulationSink | ||
{ } | ||
|
||
private class InsecureLdapAuthSinks extends SinkNode instanceof InsecureLdapAuth::InsecureLdapUrlSink | ||
{ } | ||
|
||
private class JndiInjectionSinks extends SinkNode instanceof JndiInjection::JndiInjectionSink { } | ||
|
||
private class JwtSinks extends SinkNode instanceof Jwt::JwtParserWithInsecureParseSink { } | ||
|
||
private class OgnlInjectionSinks extends SinkNode instanceof OgnlInjection::OgnlInjectionSink { } | ||
|
||
private class SensitiveResultReceiverQuerySinks extends SinkNode instanceof SensitiveResultReceiverQuery::SensitiveResultReceiverSink | ||
{ } | ||
|
||
private class SensitiveUiQuerySinks extends SinkNode instanceof SensitiveUiQuery::TextFieldSink { | ||
} | ||
|
||
private class SpelInjectionSinks extends SinkNode instanceof SpelInjection::SpelExpressionEvaluationSink | ||
{ } | ||
|
||
private class QueryInjectionSinks extends SinkNode instanceof QueryInjection::QueryInjectionSink { | ||
} | ||
|
||
private class TempDirLocalInformationDisclosureSinks extends SinkNode instanceof TempDirLocalInformationDisclosureQuery::MethodFileDirectoryCreationSink | ||
{ } | ||
|
||
private class UnsafeAndroidAccessSinks extends SinkNode instanceof UnsafeAndroidAccess::UrlResourceSink | ||
{ } | ||
|
||
private class UnsafeContentUriResolutionSinks extends SinkNode instanceof UnsafeContentUriResolution::ContentUriResolutionSink | ||
{ } | ||
|
||
private class UnsafeDeserializationQuerySinks extends SinkNode instanceof UnsafeDeserializationQuery::UnsafeDeserializationSink | ||
{ } | ||
|
||
private class UrlRedirectSinks extends SinkNode instanceof UrlRedirect::UrlRedirectSink { } | ||
|
||
private class WebviewDebugEnabledQuery extends SinkNode instanceof WebviewDebuggingEnabledQuery::WebviewDebugSink | ||
{ } | ||
|
||
private class XPathSinks extends SinkNode instanceof Xpath::XPathInjectionSink { } | ||
|
||
private class XssSinks extends SinkNode instanceof Xss::XssSink { } | ||
|
||
/** | ||
* Add all models as data sinks. | ||
*/ | ||
private class SinkNodeExternal extends SinkNode { | ||
SinkNodeExternal() { sinkNode(this, _) } | ||
} | ||
private module AllApiSinks { | ||
private import semmle.code.java.security.AndroidSensitiveCommunicationQuery | ||
private import semmle.code.java.security.ArbitraryApkInstallation | ||
private import semmle.code.java.security.CleartextStorageAndroidDatabaseQuery | ||
private import semmle.code.java.security.CleartextStorageAndroidFilesystemQuery | ||
private import semmle.code.java.security.CleartextStorageCookieQuery | ||
private import semmle.code.java.security.CleartextStorageSharedPrefsQuery | ||
private import semmle.code.java.security.ExternallyControlledFormatStringQuery | ||
private import semmle.code.java.security.InsecureBasicAuth | ||
private import semmle.code.java.security.IntentUriPermissionManipulation | ||
private import semmle.code.java.security.InsecureLdapAuth | ||
private import semmle.code.java.security.InsecureTrustManager | ||
private import semmle.code.java.security.JndiInjection | ||
private import semmle.code.java.security.JWT | ||
private import semmle.code.java.security.OgnlInjection | ||
private import semmle.code.java.security.SensitiveResultReceiverQuery | ||
private import semmle.code.java.security.SensitiveUiQuery | ||
private import semmle.code.java.security.SpelInjection | ||
private import semmle.code.java.security.SpelInjectionQuery | ||
private import semmle.code.java.security.QueryInjection | ||
private import semmle.code.java.security.TempDirLocalInformationDisclosureQuery | ||
private import semmle.code.java.security.UnsafeAndroidAccess | ||
private import semmle.code.java.security.UnsafeContentUriResolution | ||
private import semmle.code.java.security.UnsafeDeserializationQuery | ||
private import semmle.code.java.security.UrlRedirect | ||
private import semmle.code.java.security.WebviewDebuggingEnabledQuery | ||
private import semmle.code.java.security.XPath | ||
private import semmle.code.java.security.XSS | ||
} |
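Review bot: The new `AllApiSinks` module has no doc comment, and its body is nothing but `private import` lines, so a later cleanup could drop them as unused. Presumably they exist only to bring the libraries' `ApiSinkNode` subclasses into scope; a QLDoc such as `/** Imports the security libraries whose sink classes extend ApiSinkNode, so that SinkNode includes them. */` would record that. Judging by the hunk line counts, the old comment on `ApiSinks` was removed with the wrapper classes, and with it the remark about which sinks are deliberately left out (cryptography queries, broad method name matching). That decision now has to be made in each security library, so it is worth restating somewhere visible. The same applies to `AllApiSources` in the sources file.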
@@ -1,69 +1,23 @@ | ||
/** Provides classes representing various flow sources for data flow / taint tracking. */ | ||
|
||
private import semmle.code.java.dataflow.DataFlow | ||
private import semmle.code.java.dataflow.ExternalFlow | ||
private import semmle.code.java.dataflow.FlowSources as FlowSources | ||
|
||
/** | ||
* A data flow source node. | ||
*/ | ||
abstract class SourceNode extends DataFlow::Node { } | ||
final class SourceNode = FlowSources::ApiSourceNode; | ||
|
||
/** | ||
* Module that adds all API like sources to `SourceNode`, excluding some sources for cryptography based | ||
* queries, and queries where sources are not succifiently defined (eg. using broad method name matching). | ||
*/ | ||
private module ApiSources { | ||
private import FlowSources as FlowSources | ||
private import semmle.code.java.security.ArbitraryApkInstallation as ArbitraryApkInstallation | ||
private import semmle.code.java.security.CleartextStorageAndroidDatabaseQuery as CleartextStorageAndroidDatabaseQuery | ||
private import semmle.code.java.security.CleartextStorageAndroidFilesystemQuery as CleartextStorageAndroidFilesystemQuery | ||
private import semmle.code.java.security.CleartextStorageCookieQuery as CleartextStorageCookieQuery | ||
private import semmle.code.java.security.CleartextStorageSharedPrefsQuery as CleartextStorageSharedPrefsQuery | ||
private import semmle.code.java.security.ImplicitPendingIntentsQuery as ImplicitPendingIntentsQuery | ||
private import semmle.code.java.security.ImproperIntentVerificationQuery as ImproperIntentVerificationQuery | ||
private import semmle.code.java.security.InsecureTrustManager as InsecureTrustManager | ||
private import semmle.code.java.security.JWT as Jwt | ||
private import semmle.code.java.security.StackTraceExposureQuery as StackTraceExposureQuery | ||
private import semmle.code.java.security.ZipSlipQuery as ZipSlipQuery | ||
|
||
private class FlowSourcesSourceNode extends SourceNode instanceof FlowSources::SourceNode { } | ||
|
||
private class ArbitraryApkInstallationSources extends SourceNode instanceof ArbitraryApkInstallation::ExternalApkSource | ||
{ } | ||
|
||
private class CleartextStorageAndroidDatabaseQuerySources extends SourceNode instanceof CleartextStorageAndroidDatabaseQuery::LocalDatabaseOpenMethodCallSource | ||
{ } | ||
|
||
private class CleartextStorageAndroidFilesystemQuerySources extends SourceNode instanceof CleartextStorageAndroidFilesystemQuery::LocalFileOpenCallSource | ||
{ } | ||
|
||
private class CleartextStorageCookieQuerySources extends SourceNode instanceof CleartextStorageCookieQuery::CookieSource | ||
{ } | ||
|
||
private class CleartextStorageSharedPrefsQuerySources extends SourceNode instanceof CleartextStorageSharedPrefsQuery::SharedPreferencesEditorMethodCallSource | ||
{ } | ||
|
||
private class ImplicitPendingIntentsQuerySources extends SourceNode instanceof ImplicitPendingIntentsQuery::ImplicitPendingIntentSource | ||
{ } | ||
|
||
private class ImproperIntentVerificationQuerySources extends SourceNode instanceof ImproperIntentVerificationQuery::VerifiedIntentConfigSource | ||
{ } | ||
|
||
private class InsecureTrustManagerSources extends SourceNode instanceof InsecureTrustManager::InsecureTrustManagerSource | ||
{ } | ||
|
||
private class JwtSources extends SourceNode instanceof Jwt::JwtParserWithInsecureParseSource { } | ||
|
||
private class StackTraceExposureQuerySources extends SourceNode instanceof StackTraceExposureQuery::GetMessageFlowSource | ||
{ } | ||
|
||
private class ZipSlipQuerySources extends SourceNode instanceof ZipSlipQuery::ArchiveEntryNameMethodSource | ||
{ } | ||
|
||
/** | ||
* Add all models as data sources. | ||
*/ | ||
private class SourceNodeExternal extends SourceNode { | ||
SourceNodeExternal() { sourceNode(this, _) } | ||
} | ||
private module AllApiSources { | ||
private import semmle.code.java.security.ArbitraryApkInstallation | ||
private import semmle.code.java.security.CleartextStorageAndroidDatabaseQuery | ||
private import semmle.code.java.security.CleartextStorageAndroidFilesystemQuery | ||
private import semmle.code.java.security.CleartextStorageCookieQuery | ||
private import semmle.code.java.security.CleartextStorageSharedPrefsQuery | ||
private import semmle.code.java.security.ImplicitPendingIntentsQuery | ||
private import semmle.code.java.security.ImproperIntentVerificationQuery | ||
private import semmle.code.java.security.InsecureTrustManager | ||
private import semmle.code.java.security.JWT | ||
private import semmle.code.java.security.StackTraceExposureQuery | ||
private import semmle.code.java.security.ZipSlipQuery | ||
} |
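Review bot: With `FlowSourcesSourceNode` and `SourceNodeExternal` removed, nothing in this section shows how `FlowSources::SourceNode` instances and model-defined sources (`sourceNode(this, _)`) still reach `SourceNode`, which is now only an alias for `FlowSources::ApiSourceNode`. The sinks side has a visible `ApiSinkNodeExternal` in the new file that defines `ApiSinkNode`; the matching change for sources is not shown on this page, so it cannot be confirmed from here. If either piece is missing, the set of sources shrinks silently, with no compile error, and coverage results built on `SourceNode` under-report. A library test that checks that one known remote flow source and one models-as-data source are both `SourceNode` would pin this.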
@@ -0,0 +1,18 @@ | ||
/** Provides classes representing various flow sinks for data flow / taint tracking. */ | ||
|
||
private import java | ||
private import semmle.code.java.dataflow.ExternalFlow | ||
private import semmle.code.java.dataflow.DataFlow | ||
|
||
/** | ||
* A data flow sink node for an API, which should be considered | ||
* supported for a modeling perspective. | ||
*/ | ||
abstract class ApiSinkNode extends DataFlow::Node { } | ||
|
||
/** | ||
* Add all models as data sinks. | ||
*/ | ||
private class ApiSinkNodeExternal extends ApiSinkNode { | ||
ApiSinkNodeExternal() { sinkNode(this, _) } | ||
} |
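Review bot: The QLDoc on `ApiSinkNode` says "supported for a modeling perspective", which is hard to parse and does not tell the author of a security library when to extend the class. I would reword it to `A data flow sink node for an API, which should be considered supported from a modeling perspective.` and add a sentence saying that query-specific sink classes extend this class to be counted, and which kinds of sinks should stay out. `ApiSinkNodeExternal` calls `sinkNode(this, _)` with a wildcard kind, so every models-as-data sink is included whatever its kind; if that is intended, the comment `Add all models as data sinks.` could say "of any kind" explicitly.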