
Commit 3d9f8d5

committed
Make InsecureRandomness use new API
1 parent 87c089e commit 3d9f8d5

2 files changed

Lines changed: 23 additions & 8 deletions


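--- a/go/ql/lib/semmle/go/security/InsecureRandomness.qll
+++ b/go/ql/lib/semmle/go/security/InsecureRandomness.qll
@@ -17,10 +17,12 @@ module InsecureRandomness {
 import InsecureRandomnessCustomizations::InsecureRandomness
 
 /**
+* DEPRECATED: Use `Flow` instead.
+*
 * A taint-tracking configuration for reasoning about random values that are
 * not cryptographically secure.
 */
-class Configuration extends TaintTracking::Configuration {
+deprecated class Configuration extends TaintTracking::Configuration {
 Configuration() { this = "InsecureRandomness" }
 
 override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -32,4 +34,17 @@ module InsecureRandomness {
 
 override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
 }
+
+/** Holds if `sink` is a sink for this configuration with kind `kind`. */
+predicate isSinkWithKind(Sink sink, string kind) { kind = sink.getKind() }
+
+private module Config implements DataFlow::ConfigSig {
+predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+predicate isSink(DataFlow::Node sink) { isSinkWithKind(sink, _) }
+
+predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
+}
+
+module Flow = TaintTracking::Global<Config>;
 }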
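Review bot: The public `Flow` module that the deprecation notice sends users to has no QLDoc, and the QLDoc on the new module-level `isSinkWithKind` still says "for this configuration", which no longer refers to anything now that the predicate sits outside `Configuration`. I would add `/** Tracks taint flow from random values that are not cryptographically secure to their sinks. */` above `Flow` and reword the other phrase to "for the insecure-randomness flow". A short comment on `Config::isSink` would also help: because it is defined as `isSinkWithKind(sink, _)`, a `Sink` whose `getKind()` has no result is silently not a sink, assuming `getKind()` is not guaranteed to have one (the `Sink` class is defined outside this diff).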

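--- a/go/ql/src/Security/CWE-338/InsecureRandomness.ql
+++ b/go/ql/src/Security/CWE-338/InsecureRandomness.ql
@@ -11,19 +11,19 @@
 */
 
 import go
-import semmle.go.security.InsecureRandomness::InsecureRandomness
-import DataFlow::PathGraph
+import semmle.go.security.InsecureRandomness
+import InsecureRandomness::Flow::PathGraph
 
-from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string kind
+from InsecureRandomness::Flow::PathNode source, InsecureRandomness::Flow::PathNode sink, string kind
 where
-cfg.hasFlowPath(source, sink) and
-cfg.isSinkWithKind(sink.getNode(), kind) and
+InsecureRandomness::Flow::flowPath(source, sink) and
+InsecureRandomness::isSinkWithKind(sink.getNode(), kind) and
 (
 kind != "A password-related function"
 or
 sink =
-min(DataFlow::PathNode sink2, int line |
-cfg.hasFlowPath(_, sink2) and
+min(InsecureRandomness::Flow::PathNode sink2, int line |
+InsecureRandomness::Flow::flowPath(_, sink2) and
 sink2.getNode().getRoot() = sink.getNode().getRoot() and
 sink2.hasLocationInfo(_, line, _, _, _)
 |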
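Review bot: The candidate set of the `min` aggregate is not limited by sink kind: its condition only requires `flowPath(_, sink2)`, the same root and a line. Assuming the aggregate orders by `line` (its ordering expression lies after the end of the hunk), a password-related sink that follows a sink of another kind in the same function is never the minimum and produces no result of its own. If the intent is one alert per function among password-related sinks only, add `InsecureRandomness::isSinkWithKind(sink2.getNode(), kind) and` inside the aggregate. If the suppression is deliberate because the earlier sink already flags the function, a comment saying so would settle it. The behaviour appears unchanged from the old `cfg.hasFlowPath(_, sink2)` form.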
