Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit dc3e4cd

Browse files
egregius313egregius313
committed
Refactored method accesses to the RandomDataSource library
1 parent ce7690b commit dc3e4cd

2 files changed

Lines changed: 28 additions & 52 deletions

File tree

java/ql/lib/semmle/code/java/security/RandomDataSource.qll

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -107,6 +107,15 @@ class StdlibRandomSource extends RandomDataSource {
107107
}
108108
}
109109

110+
/**
111+
* A method access calling the `random` of `java.lang.Math`.
112+
*/
113+
class MathRandomSource extends RandomDataSource {
114+
MathRandomSource() { this.getMethod().hasQualifiedName("java.lang", "Math", "random") }
115+
116+
override Expr getOutput() { result = this }
117+
}
118+
110119
/**
111120
* A method access calling a method declared on `org.apache.commons.lang3.RandomUtils`
112121
* that returns random data or writes random data to an argument.
@@ -143,3 +152,17 @@ class ApacheCommonsRandomSource extends RandomDataSource {
143152

144153
override Expr getOutput() { result = this }
145154
}
155+
156+
/**
157+
* A method access calling a method declared on `org.apache.commons.lang3.RandomStringUtils`
158+
*/
159+
class ApacheCommonsRandomStringSource extends RandomDataSource {
160+
ApacheCommonsRandomStringSource() {
161+
exists(Method m | m = this.getMethod() |
162+
m.getName().matches("random%") and
163+
m.getDeclaringType().hasQualifiedName("org.apache.commons.lang3", "RandomStringUtils")
164+
)
165+
}
166+
167+
override Expr getOutput() { result = this }
168+
}

java/ql/lib/semmle/code/java/security/WeakRandomnessQuery.qll

Lines changed: 5 additions & 52 deletions
Original file line numberDiff line numberDiff line change
@@ -21,44 +21,11 @@ class TypeRandom extends RefType {
2121
*/
2222
abstract class WeakRandomnessSource extends DataFlow::Node { }
2323

24-
/**
25-
* A node representing a call to a constructor of `java.util.Random`.
26-
*/
27-
private class JavaRandomSource extends WeakRandomnessSource {
28-
JavaRandomSource() { this.asExpr().(ClassInstanceExpr).getType() instanceof TypeRandom }
29-
}
30-
31-
/**
32-
* A node representing a call to one of the methods of `org.apache.commons.lang.RandomStringUtils`.
33-
*/
34-
private class ApacheRandomStringUtilsMethodAccessSource extends WeakRandomnessSource {
35-
ApacheRandomStringUtilsMethodAccessSource() {
36-
this.asExpr()
37-
.(MethodAccess)
38-
.getMethod()
39-
.hasQualifiedName("org.apache.commons.lang", "RandomStringUtils",
40-
[
41-
"random", "randomAlphabetic", "randomAlphanumeric", "randomAscii", "randomGraph",
42-
"randomNumeric", "randomPrint"
43-
])
44-
}
45-
}
46-
47-
private class ThreadLocalRandomSource extends WeakRandomnessSource {
48-
ThreadLocalRandomSource() {
49-
this.asExpr()
50-
.(MethodAccess)
51-
.getMethod()
52-
.hasQualifiedName("java.util.concurrent", "ThreadLocalRandom", "current")
53-
}
54-
}
55-
56-
/**
57-
* The `random` method of `java.lang.Math`.
58-
*/
59-
private class MathRandomMethodAccess extends WeakRandomnessSource {
60-
MathRandomMethodAccess() {
61-
this.asExpr().(MethodAccess).getMethod().hasQualifiedName("java.lang", "Math", "random")
24+
private class RandomMethodSource extends WeakRandomnessSource {
25+
RandomMethodSource() {
26+
exists(RandomDataSource s | this.asExpr() = s.getOutput() |
27+
not s.getQualifier().getType() instanceof SafeRandomImplementation
28+
)
6229
}
6330
}
6431

@@ -121,27 +88,13 @@ module WeakRandomnessConfig implements DataFlow::ConfigSig {
12188

12289
predicate isSink(DataFlow::Node sink) { sink instanceof WeakRandomnessSink }
12390

124-
predicate isBarrier(DataFlow::Node n) { n.getTypeBound() instanceof SafeRandomImplementation }
125-
12691
predicate isBarrierIn(DataFlow::Node n) { isSource(n) }
12792

12893
predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
12994
n1.asExpr() = n2.asExpr().(BinaryExpr).getAnOperand()
13095
or
13196
n1.asExpr() = n2.asExpr().(UnaryExpr).getExpr()
13297
or
133-
exists(MethodAccess ma, Method m |
134-
n1.asExpr() = ma.getQualifier() and
135-
ma.getMethod() = m and
136-
m.getDeclaringType().getAnAncestor() instanceof TypeRandom
137-
|
138-
m.hasName(["nextInt", "nextLong", "nextFloat", "nextDouble", "nextBoolean", "nextGaussian"]) and
139-
n2.asExpr() = ma
140-
or
141-
m.hasName("nextBytes") and
142-
n2.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr() = ma.getArgument(0)
143-
)
144-
or
14598
covertsBytesToString(n1, n2)
14699
}
147100
}

0 commit comments

Comments
 (0)