
Commit c3ba632

committed
Java: Add some type-based sanitizers to SensitiveInfoLog.ql.
1 parent 6e495ba commit c3ba632

1 file changed

+13
-1
lines changed


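--- a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
@@ -17,6 +17,14 @@ class CredentialExpr extends Expr {
 }
 }
 
+/** An instantiation of a (reflexive, transitive) subtype of `java.lang.reflect.Type`. */
+private class TypeType extends RefType {
+pragma[nomagic]
+TypeType() {
+this.getSourceDeclaration().getASourceSupertype*().hasQualifiedName("java.lang.reflect", "Type")
+}
+}
+
 /** A data-flow configuration for identifying potentially-sensitive data flowing to a log output. */
 class SensitiveLoggerConfiguration extends TaintTracking::Configuration {
 SensitiveLoggerConfiguration() { this = "SensitiveLoggerConfiguration" }
@@ -26,7 +34,11 @@ class SensitiveLoggerConfiguration extends TaintTracking::Configuration {
 override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "logging") }
 
 override predicate isSanitizer(DataFlow::Node sanitizer) {
-sanitizer.asExpr() instanceof LiveLiteral
+sanitizer.asExpr() instanceof LiveLiteral or
+sanitizer.getType() instanceof PrimitiveType or
+sanitizer.getType() instanceof BoxedType or
+sanitizer.getType() instanceof NumberType or
+sanitizer.getType() instanceof TypeType
 }
 
 override predicate isSanitizerIn(Node node) { isSource(node) }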
