Merge pull request #1682 from aschackmull/java/hardcoded-credentials-precision

yh-semmle · web-flow · commit 251d441f6ab9 · 2019-08-02T11:37:06.000-04:00
Java: Improve the precision of java/hardcoded-credential-api-call.
diff --git a/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql b/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql
@@ -31,6 +31,10 @@ class HardcodedCredentialApiCallConfiguration extends DataFlow::Configuration {
       ma.getQualifier() = node1.asExpr()
     )
   }
+
+  override predicate isBarrier(DataFlow::Node n) {
+    n.asExpr().(MethodAccess).getMethod() instanceof MethodSystemGetenv
+  }
 }
 
 from

Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,10 @@ class HardcodedCredentialApiCallConfiguration extends DataFlow::Configuration {`
`31`	`31`	`ma.getQualifier() = node1.asExpr()`
`32`	`32`	`)`
`33`	`33`	`}`
	`34`	`+`
	`35`	`+ override predicate isBarrier(DataFlow::Node n) {`
	`36`	`+ n.asExpr().(MethodAccess).getMethod() instanceof MethodSystemGetenv`
	`37`	`+ }`
`34`	`38`	`}`
`35`	`39`
`36`	`40`	`from`