Merge pull request #17036 from chmodxxx/sbaddou/fix

Java: Move SensitiveLoggerConfig source to extensible format
github · Jul 23, 2024 · 4c8da54 · 4c8da54
2 parents 67dac96 + 4f80ae2
commit 4c8da54
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
@@ -7,6 +7,9 @@ import semmle.code.java.security.SensitiveActions
 import semmle.code.java.frameworks.android.Compose
 private import semmle.code.java.security.Sanitizers
 
+/** A data flow source node for sensitive logging sources. */
+abstract class SensitiveLoggerSource extends DataFlow::Node { }
+
 /** A variable that may hold sensitive information, judging by its name. */
 class VariableWithSensitiveName extends Variable {
  VariableWithSensitiveName() {
@@ -26,6 +29,10 @@ class CredentialExpr extends VarAccess {
  }
 }
 
+private class CredentialExprSource extends SensitiveLoggerSource {
+ CredentialExprSource() { this.asExpr() instanceof CredentialExpr }
+}
+
 /** An instantiation of a (reflexive, transitive) subtype of `java.lang.reflect.Type`. */
 private class TypeType extends RefType {
  pragma[nomagic]
@@ -42,7 +49,7 @@ private class TypeType extends RefType {
 deprecated class SensitiveLoggerConfiguration extends TaintTracking::Configuration {
  SensitiveLoggerConfiguration() { this = "SensitiveLoggerConfiguration" }
 
- override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CredentialExpr }
+ override predicate isSource(DataFlow::Node source) { source instanceof SensitiveLoggerSource }
 
  override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "log-injection") }
 
@@ -59,7 +66,7 @@ deprecated class SensitiveLoggerConfiguration extends TaintTracking::Configurati
 
 /** A data-flow configuration for identifying potentially-sensitive data flowing to a log output. */
 module SensitiveLoggerConfig implements DataFlow::ConfigSig {
- predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CredentialExpr }
+ predicate isSource(DataFlow::Node source) { source instanceof SensitiveLoggerSource }
 
  predicate isSink(DataFlow::Node sink) { sinkNode(sink, "log-injection") }
 

diff --git a/java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md b/java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides.