C#: Indentify more APIs as supported in the telemetry queries (as QL …
…defined sources).
1 parent
c5bdd5b
commit 481e289
Showing
10 changed files
with
139 additions
and
22 deletions.
@@ -0,0 +1,73 @@ | ||
/** Provides classes representing various flow sources for data flow / taint tracking. */ | ||
|
||
private import semmle.code.java.dataflow.ExternalFlow | ||
private import semmle.code.java.dataflow.FlowSources | ||
|
||
/** | ||
* A data flow source node. | ||
*/ | ||
abstract class SourceNode extends DataFlow::Node { } | ||
|
||
/** | ||
* Module that adds all API like sources to `SourceNode`, excluding sources for cryptography based | ||
* queries, and queries where sources are not succifiently. | ||
*/ | ||
private module ApiSources { | ||
private import FlowSources as FlowSources | ||
private import semmle.code.java.security.ArbitraryApkInstallation as ArbitraryApkInstallation | ||
private import semmle.code.java.security.CleartextStorageAndroidDatabaseQuery as CleartextStorageAndroidDatabaseQuery | ||
private import semmle.code.java.security.CleartextStorageAndroidFilesystemQuery as CleartextStorageAndroidFilesystemQuery | ||
private import semmle.code.java.security.CleartextStorageSharedPrefsQuery as CleartextStorageSharedPrefsQuery | ||
private import semmle.code.java.security.ImplicitPendingIntentsQuery as ImplicitPendingIntentsQuery | ||
private import semmle.code.java.security.ImproperIntentVerificationQuery as ImproperIntentVerificationQuery | ||
private import semmle.code.java.security.InsecureTrustManagerQuery as InsecureTrustManagerQuery | ||
private import semmle.code.java.security.MissingJWTSignatureCheckQuery as MissingJWTSignatureCheckQuery | ||
Check warning Code scanning / CodeQL Acronyms should be PascalCase/camelCase. Warning
Acronyms in MissingJWTSignatureCheckQuery should be PascalCase/camelCase.
|
||
private import semmle.code.java.security.XSS as Xss | ||
Check warning Code scanning / CodeQL Names only differing by case Warning
Xss is only different by casing from XSS that is used elsewhere for modules.
|
||
private import semmle.code.java.security.StackTraceExposureQuery as StackTraceExposureQuery | ||
private import semmle.code.java.security.UnsafeCertTrustQuery as UnsafeCertTrustQuery | ||
private import semmle.code.java.security.ZipSlipQuery as ZipSlipQuery | ||
|
||
private class FlowSourcesSourceNode extends SourceNode instanceof FlowSources::SourceNode { } | ||
|
||
private class ArbitraryApkInstallationSources extends SourceNode instanceof ArbitraryApkInstallation::ExternalApkSource | ||
{ } | ||
|
||
private class CleartextStorageAndroidDatabaseQuerySources extends SourceNode instanceof CleartextStorageAndroidDatabaseQuery::LocalDatabaseOpenMethodCallSource | ||
{ } | ||
|
||
private class CleartextStorageAndroidFilesystemQuerySources extends SourceNode instanceof CleartextStorageAndroidFilesystemQuery::LocalFileOpenCallSource | ||
{ } | ||
|
||
private class CleartextStorageSharedPrefsQuerySources extends SourceNode instanceof CleartextStorageSharedPrefsQuery::SharedPreferencesEditorMethodCallSource | ||
{ } | ||
|
||
private class ImplicitPendingIntentsQuerySources extends SourceNode instanceof ImplicitPendingIntentsQuery::ImplicitPendingIntentSource | ||
{ } | ||
|
||
private class ImproperIntentVerificationQuerySources extends SourceNode instanceof ImproperIntentVerificationQuery::VerifiedIntentConfigSource | ||
{ } | ||
|
||
private class InsecureTrustManagerQuerySources extends SourceNode instanceof InsecureTrustManagerQuery::InsecureTrustManagerSource | ||
{ } | ||
|
||
private class MissingJWTSignatureCheckQuerySources extends SourceNode instanceof MissingJWTSignatureCheckQuery::JwtParserWithInsecureParseSource | ||
Check warning Code scanning / CodeQL Acronyms should be PascalCase/camelCase. Warning
Acronyms in MissingJWTSignatureCheckQuerySources should be PascalCase/camelCase.
|
||
{ } | ||
|
||
private class XssSources extends SourceNode instanceof Xss::XssVulnerableWriterSourceNode { } | ||
|
||
private class StackTraceExposureQuerySources extends SourceNode instanceof StackTraceExposureQuery::GetMessageFlowSource | ||
{ } | ||
|
||
private class UnsafeCertTrustQuerySources extends SourceNode instanceof UnsafeCertTrustQuery::SslConnectionInit | ||
{ } | ||
|
||
private class ZipSlipQuerySources extends SourceNode instanceof ZipSlipQuery::ArchiveEntryNameMethodSource | ||
{ } | ||
|
||
/** | ||
* Add all models as data sources. | ||
*/ | ||
private class SourceNodeExternal extends SourceNode { | ||
SourceNodeExternal() { sourceNode(this, _) } | ||
} | ||
} |
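Review bot: The QLDoc on the public `SourceNode` class (`A data flow source node.`) does not say that the class is an aggregate for the telemetry queries rather than a set of untrusted-input sources. The `ApiSources` module folds in query-specific starting points such as `UnsafeCertTrustQuery::SslConnectionInit` and `InsecureTrustManagerQuery::InsecureTrustManagerSource`, which, judging by their names, are not attacker-controlled data. Because the class shares its name with `FlowSources::SourceNode`, a security query that picked it up as a taint source would likely report flows with no attacker-controlled origin, so I would document it as `A data flow source node counted by the telemetry queries; this is not a model of untrusted input and should not be used as a taint source in security queries.` The module comment also stops mid-sentence with a typo (`queries where sources are not succifiently.`); presumably it should end `not sufficiently defined`, and naming the excluded query families would help. The commit title is prefixed `C#:` while this new file imports only `semmle.code.java.*`, which is worth confirming.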