java/ql/src/semmle/code/java/security
@@ -46,9 +46,18 @@ class JwtParserWithInsecureParseSink extends DataFlow::Node {
4646 MethodAccess getParseMethodAccess ( ) { result = insecureParseMa }
4747}
4848
49- /** A set of additional taint steps to consider when taint tracking JWT related data flows. */
50- class JwtParserWithInsecureParseAdditionalTaintStep extends Unit {
51- predicate step ( DataFlow:: Node node1 , DataFlow:: Node node2 ) {
49+ /**
50+ * A unit class for adding additional flow steps.
51+ *
52+ * Extend this class to add additional flow steps that should apply to the `SigningToInsecureMethodAccessDataFlow`.
53+ */
54+ class JwtParserWithInsecureParseAdditionalFlowStep extends Unit {
55+ abstract predicate step ( DataFlow:: Node node1 , DataFlow:: Node node2 ) ;
56+ }
57+
58+ /** A set of additional flow steps to consider when working with JWT parsing related data flows. */
59+ private class DefaultJwtParserWithInsecureParseAdditionalFlowStep extends JwtParserWithInsecureParseAdditionalFlowStep {
60+ override predicate step ( DataFlow:: Node node1 , DataFlow:: Node node2 ) {
5261 jwtParserStep ( node1 .asExpr ( ) , node2 .asExpr ( ) )
5362 }
5463}
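Review bot: The abstract `step` predicate added at new line 55 has no QLDoc. The class comment sends extenders to `SigningToInsecureMethodAccessDataFlow`, which the other file section on this page declares as a `private class`, so they cannot look that name up from outside its file. I would put the contract on the predicate itself, e.g. `/** Holds if the step from node1 to node2 should be treated as an additional flow step when tracking data into an insecure JWT parse call. */`, and describe the consuming configuration in words rather than by its private name. Separately, the old name `JwtParserWithInsecureParseAdditionalTaintStep` is removed outright. If it was ever available to users (not visible from this page), any extension written against it would stop compiling, and a deprecated alias for one release would avoid that.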
@@ -50,6 +50,6 @@ private class SigningToInsecureMethodAccessDataFlow extends DataFlow::Configurat
5050 override predicate isSink ( DataFlow:: Node sink ) { sink instanceof JwtParserWithInsecureParseSink }
5151
5252 override predicate isAdditionalFlowStep ( DataFlow:: Node node1 , DataFlow:: Node node2 ) {
53- any ( JwtParserWithInsecureParseAdditionalTaintStep c ) .step ( node1 , node2 )
53+ any ( JwtParserWithInsecureParseAdditionalFlowStep c ) .step ( node1 , node2 )
5454 }
5555}