Skip to content

Java: Opt-in java/tainted-permissions-check to threat models. #16772

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jun 18, 2024
Merged

Java: Opt-in java/tainted-permissions-check to threat models. #16772

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
327dab6
Java: Opt-in the tainted permissions check query to threat models.
michaelnebel Jun 17, 2024
c386266
Java: Add change note.
michaelnebel Jun 17, 2024
5686efd
Update java/ql/src/change-notes/2024-06-17-tainted-permissions-check.md
michaelnebel Jun 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion java/ql/lib/semmle/code/java/security/TaintedPermissionsCheckQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ private class WildCardPermissionConstruction extends ClassInstanceExpr, Permissi
* A configuration for tracking flow from user input to a permissions check.
*/
module TaintedPermissionsCheckFlowConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof UserInput }
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }

predicate isSink(DataFlow::Node sink) {
sink.asExpr() = any(PermissionsConstruction p).getInput()
Expand Down
4 changes: 4 additions & 0 deletions java/ql/src/change-notes/2024-06-17-tainted-permissions-check.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The query `java/tainted-permissions-check` now uses threat models. This means that `local` sources are no longer included by default for this query, but can be added by enabling the `local` threat model.