Merge pull request #17036 from chmodxxx/sbaddou/fix

owen-mc · web-flow · commit 4c8da54b64d6 · 2024-07-23T14:55:26.000+01:00
Java: Move SensitiveLoggerConfig source to extensible format
diff --git a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
@@ -7,6 +7,9 @@ import semmle.code.java.security.SensitiveActions
 import semmle.code.java.frameworks.android.Compose
 private import semmle.code.java.security.Sanitizers
 
+/** A data flow source node for sensitive logging sources. */
+abstract class SensitiveLoggerSource extends DataFlow::Node { }
+
 /** A variable that may hold sensitive information, judging by its name. */
 class VariableWithSensitiveName extends Variable {
   VariableWithSensitiveName() {
@@ -26,6 +29,10 @@ class CredentialExpr extends VarAccess {
   }
 }
 
+private class CredentialExprSource extends SensitiveLoggerSource {
+  CredentialExprSource() { this.asExpr() instanceof CredentialExpr }
+}
+
 /** An instantiation of a (reflexive, transitive) subtype of `java.lang.reflect.Type`. */
 private class TypeType extends RefType {
   pragma[nomagic]
@@ -42,7 +49,7 @@ private class TypeType extends RefType {
 deprecated class SensitiveLoggerConfiguration extends TaintTracking::Configuration {
   SensitiveLoggerConfiguration() { this = "SensitiveLoggerConfiguration" }
 
-  override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CredentialExpr }
+  override predicate isSource(DataFlow::Node source) { source instanceof SensitiveLoggerSource }
 
   override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "log-injection") }
 
@@ -59,7 +66,7 @@ deprecated class SensitiveLoggerConfiguration extends TaintTracking::Configurati
 
 /** A data-flow configuration for identifying potentially-sensitive data flowing to a log output. */
 module SensitiveLoggerConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source.asExpr() instanceof CredentialExpr }
+  predicate isSource(DataFlow::Node source) { source instanceof SensitiveLoggerSource }
 
   predicate isSink(DataFlow::Node sink) { sinkNode(sink, "log-injection") }
 
diff --git a/java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md b/java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides.

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides.