Merge pull request #13856 from aschackmull/java/maybebrokencrypto-barrier

aschackmull · web-flow · commit 15da4ee0094a · 2023-08-01T14:20:44.000+02:00
Java: Make the barrier in java/potentially-weak-cryptographic-algorithm less restrictive
diff --git a/java/ql/lib/semmle/code/java/security/MaybeBrokenCryptoAlgorithmQuery.qll b/java/ql/lib/semmle/code/java/security/MaybeBrokenCryptoAlgorithmQuery.qll
@@ -34,15 +34,6 @@ private predicate objectToString(MethodAccess ma) {
   )
 }
 
-private class StringContainer extends RefType {
-  StringContainer() {
-    this instanceof TypeString or
-    this instanceof StringBuildingType or
-    this.hasQualifiedName("java.util", "StringTokenizer") or
-    this.(Array).getComponentType() instanceof StringContainer
-  }
-}
-
 /**
  * A taint-tracking configuration to reason about the use of potentially insecure cryptographic algorithms.
  */
@@ -53,7 +44,7 @@ module InsecureCryptoConfig implements DataFlow::ConfigSig {
 
   predicate isBarrier(DataFlow::Node n) {
     objectToString(n.asExpr()) or
-    not n.getType().getErasure() instanceof StringContainer
+    n.getType().getErasure() instanceof TypeObject
   }
 }
 
diff --git a/java/ql/src/change-notes/2023-08-01-maybebrokencrypto-barrier.md b/java/ql/src/change-notes/2023-08-01-maybebrokencrypto-barrier.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The sanitizer in `java/potentially-weak-cryptographic-algorithm` has been improved, so the query may yield additional results.

Original file line number	Diff line number	Diff line change
`@@ -34,15 +34,6 @@ private predicate objectToString(MethodAccess ma) {`
`34`	`34`	`)`
`35`	`35`	`}`
`36`	`36`
`37`		`-private class StringContainer extends RefType {`
`38`		`- StringContainer() {`
`39`		`- this instanceof TypeString or`
`40`		`- this instanceof StringBuildingType or`
`41`		`- this.hasQualifiedName("java.util", "StringTokenizer") or`
`42`		`- this.(Array).getComponentType() instanceof StringContainer`
`43`		`- }`
`44`		`-}`
`45`		`-`
`46`	`37`	`/**`
`47`	`38`	`* A taint-tracking configuration to reason about the use of potentially insecure cryptographic algorithms.`
`48`	`39`	`*/`
`@@ -53,7 +44,7 @@ module InsecureCryptoConfig implements DataFlow::ConfigSig {`
`53`	`44`
`54`	`45`	`predicate isBarrier(DataFlow::Node n) {`
`55`	`46`	`objectToString(n.asExpr()) or`
`56`		`- not n.getType().getErasure() instanceof StringContainer`
	`47`	`+ n.getType().getErasure() instanceof TypeObject`
`57`	`48`	`}`
`58`	`49`	`}`
`59`	`50`
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* The sanitizer in `java/potentially-weak-cryptographic-algorithm` has been improved, so the query may yield additional results.