@@ -25,37 +25,31 @@ abstract class WeakRandomnessSource extends DataFlow::Node { }
2525 * A node representing a call to a constructor of `java.util.Random`.
2626 */
2727private class JavaRandomSource extends WeakRandomnessSource {
28- JavaRandomSource ( ) {
29- this .asExpr ( ) .getType ( ) instanceof TypeRandom and this .asExpr ( ) instanceof ConstructorCall
30- }
28+ JavaRandomSource ( ) { this .asExpr ( ) .( ClassInstanceExpr ) .getType ( ) instanceof TypeRandom }
3129}
3230
3331/**
3432 * A node representing a call to one of the methods of `org.apache.commons.lang.RandomStringUtils`.
3533 */
3634private class ApacheRandomStringUtilsMethodAccessSource extends WeakRandomnessSource {
3735 ApacheRandomStringUtilsMethodAccessSource ( ) {
38- exists ( MethodAccess ma | this .asExpr ( ) = ma |
39- ma .getMethod ( )
40- .hasName ( [
41- "random" , "randomAlphabetic" , "randomAlphanumeric" , "randomAscii" , "randomGraph" ,
42- "randomNumeric" , "randomPrint"
43- ] ) and
44- ma .getMethod ( )
45- .getDeclaringType ( )
46- .hasQualifiedName ( "org.apache.commons.lang" , "RandomStringUtils" )
47- )
36+ this .asExpr ( )
37+ .( MethodAccess )
38+ .getMethod ( )
39+ .hasQualifiedName ( "org.apache.commons.lang" , "RandomStringUtils" ,
40+ [
41+ "random" , "randomAlphabetic" , "randomAlphanumeric" , "randomAscii" , "randomGraph" ,
42+ "randomNumeric" , "randomPrint"
43+ ] )
4844 }
4945}
5046
5147private class ThreadLocalRandomSource extends WeakRandomnessSource {
5248 ThreadLocalRandomSource ( ) {
53- exists ( MethodAccess ma | this .asExpr ( ) = ma |
54- ma .getMethod ( ) .hasName ( "current" ) and
55- ma .getMethod ( )
56- .getDeclaringType ( )
57- .hasQualifiedName ( "java.util.concurrent" , "ThreadLocalRandom" )
58- )
49+ this .asExpr ( )
50+ .( MethodAccess )
51+ .getMethod ( )
52+ .hasQualifiedName ( "java.util.concurrent" , "ThreadLocalRandom" , "current" )
5953 }
6054}
6155
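Review bot: The rewritten Apache source at L29 still pins the declaring package to `org.apache.commons.lang` only, so calls to the commons-lang3 successor `org.apache.commons.lang3.RandomStringUtils` — which exposes the same `random*` method names and has historically been backed by `java.util.Random` as well — are not treated as weak-randomness sources. Since the constraint is now a single `hasQualifiedName` call, widening it is a one-token change: `.hasQualifiedName(["org.apache.commons.lang", "org.apache.commons.lang3"], "RandomStringUtils",` with the existing name list as the third argument. A short comment above `JavaRandomSource` would also help, since the switch from `ConstructorCall` to `ClassInstanceExpr` silently excludes `this(...)`/`super(...)` calls and, I believe, anonymous subclasses of `Random` whose `getType()` is the anonymous class rather than `TypeRandom`; something like `// Only direct `new Random(...)` instantiations; subclasses such as SecureRandom are intentionally excluded.` would record the intent.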
@@ -64,10 +58,7 @@ private class ThreadLocalRandomSource extends WeakRandomnessSource {
6458 */
6559private class MathRandomMethodAccess extends WeakRandomnessSource {
6660 MathRandomMethodAccess ( ) {
67- exists ( MethodAccess ma | this .asExpr ( ) = ma |
68- ma .getMethod ( ) .hasName ( "random" ) and
69- ma .getMethod ( ) .getDeclaringType ( ) .hasQualifiedName ( "java.lang" , "Math" )
70- )
61+ this .asExpr ( ) .( MethodAccess ) .getMethod ( ) .hasQualifiedName ( "java.lang" , "Math" , "random" )
7162 }
7263}
7364
@@ -98,7 +89,7 @@ abstract class WeakRandomnessSink extends DataFlow::Node { }
9889 */
9990private class CookieSink extends WeakRandomnessSink {
10091 CookieSink ( ) {
101- this .asExpr ( ) . getType ( ) instanceof TypeCookie and
92+ this .getType ( ) instanceof TypeCookie and
10293 exists ( MethodAccess ma | ma .getMethod ( ) .hasName ( "addCookie" ) |
10394 ma .getArgument ( 0 ) = this .asExpr ( )
10495 )
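Review bot: The sink at L70 matches `addCookie` by bare method name with no declaring-type constraint, so any unrelated method that happens to be called `addCookie` and takes a `Cookie` argument becomes a sink; the new `this.getType() instanceof TypeCookie` check on L69 narrows the argument but not the callee. If the intent is the servlet API, the declaring type can be constrained the same way the config already does at L85, e.g. `exists(MethodAccess ma | ma.getMethod().getDeclaringType().getAnAncestor().hasQualifiedName(["javax.servlet.http", "jakarta.servlet.http"], "HttpServletResponse") and ma.getMethod().hasName("addCookie") |`, at the cost of dropping framework response types that are not servlet subtypes — worth confirming against the tests before tightening. The body of `CookieSink` continues past the end of this hunk.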
@@ -142,14 +133,13 @@ module WeakRandomnessConfig implements DataFlow::ConfigSig {
142133 exists ( MethodAccess ma , Method m |
143134 n1 .asExpr ( ) = ma .getQualifier ( ) and
144135 ma .getMethod ( ) = m and
145- m .getDeclaringType ( ) .getAnAncestor ( ) instanceof TypeRandom and
146- (
147- m .hasName ( [ "nextInt" , "nextLong" , "nextFloat" , "nextDouble" , "nextBoolean" , "nextGaussian" ] ) and
148- n2 .asExpr ( ) = ma
149- or
150- m .hasName ( "nextBytes" ) and
151- n2 .( DataFlow:: PostUpdateNode ) .getPreUpdateNode ( ) .asExpr ( ) = ma .getArgument ( 0 )
152- )
136+ m .getDeclaringType ( ) .getAnAncestor ( ) instanceof TypeRandom
137+ |
138+ m .hasName ( [ "nextInt" , "nextLong" , "nextFloat" , "nextDouble" , "nextBoolean" , "nextGaussian" ] ) and
139+ n2 .asExpr ( ) = ma
140+ or
141+ m .hasName ( "nextBytes" ) and
142+ n2 .( DataFlow:: PostUpdateNode ) .getPreUpdateNode ( ) .asExpr ( ) = ma .getArgument ( 0 )
153143 )
154144 or
155145 covertsBytesToString ( n1 , n2 )
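Review bot: The name list on L87 that propagates weakness from a `Random` qualifier to the call result omits the stream-producing methods `ints`, `longs` and `doubles`, so a weak `Random` consumed via `random.ints(...)` drops out of the flow at this step; the restructuring into the `exists(... | ... | ...)` form is behavior-preserving but does not address this. Adding `"ints", "longs", "doubles"` to that list is a one-line change, though whether taint then survives the subsequent stream operations depends on library models not visible here and should be checked with a test case. The enclosing predicate starts before this hunk, and the helper called on L94 is named `covertsBytesToString` — presumably a typo for `convertsBytesToString` — but its definition is outside the hunk, so renaming it is a separate change.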