Skip to content

Java: add support for alert location restrictions #17190

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Sep 23, 2024
Merged

Java: add support for alert location restrictions #17190

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
ff78beb
Shared support for alert filtering
cklin Sep 11, 2024
3a1e50d
Dataflow: Simplify diff-informed implementation and tweak flag name.
aschackmull Sep 19, 2024
75ec8ce
Java: apply query alert restrictions
cklin Sep 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl1.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowImplLocal.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl1.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl2.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl1.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl2.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl3.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl4.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl5.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImpl6.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -283,6 +283,8 @@ deprecated private module Config implements FullStateConfigSig {
FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate includeHiddenNodes() { any(Configuration config).includeHiddenNodes() }

predicate observeDiffInformedIncrementalMode() { none() }
}

deprecated private import Impl<Config> as I
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/AndroidIntentRedirectionQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@ module IntentRedirectionConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
any(IntentRedirectionAdditionalTaintStep c).step(node1, node2)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/** Tracks the flow of tainted Intents being used to start Android components. */
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/ExternallyControlledFormatStringQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,8 @@ module ExternallyControlledFormatStringConfig implements DataFlow::ConfigSig {
predicate isBarrier(DataFlow::Node node) {
node.getType() instanceof NumericType or node.getType() instanceof BooleanType
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/FragmentInjectionQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ module FragmentInjectionTaintConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
any(FragmentInjectionAdditionalTaintStep c).step(n1, n2)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/GroovyInjectionQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ module GroovyInjectionConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node fromNode, DataFlow::Node toNode) {
any(GroovyInjectionAdditionalTaintStep c).step(fromNode, toNode)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/ImplicitPendingIntentsQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,8 @@ module ImplicitPendingIntentStartConfig implements DataFlow::StateConfigSig {
node.getType().(Array).getElementType() instanceof TypeIntent and
c instanceof DataFlow::ArrayContent
}

predicate observeDiffInformedIncrementalMode() { any() }
}

module ImplicitPendingIntentStartFlow =
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,8 @@ module BeanValidationConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }

predicate isSink(DataFlow::Node sink) { sink instanceof BeanValidationSink }

predicate observeDiffInformedIncrementalMode() { any() }
}

/** Tracks flow from user input to the argument of a method that builds constraint error messages. */
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/InsecureLdapAuthQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@ module InsecureLdapUrlConfig implements DataFlow::ConfigSig {
succ.asExpr() = ma.getQualifier()
)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

module InsecureLdapUrlFlow = TaintTracking::Global<InsecureLdapUrlConfig>;
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/InsecureRandomnessQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,8 @@ module InsecureRandomnessConfig implements DataFlow::ConfigSig {
n2.asExpr() = c
)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/InsufficientKeySizeQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@ module KeySizeConfig implements DataFlow::StateConfigSig {
predicate isSink(DataFlow::Node sink, KeySizeState state) {
sink.(InsufficientKeySizeSink).hasState(state)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/** Tracks key sizes used in cryptographic algorithms. */
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulationQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,8 @@ module IntentUriPermissionManipulationConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
any(IntentUriPermissionManipulationAdditionalTaintStep c).step(node1, node2)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/JexlInjectionQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,8 @@ module JexlInjectionConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
any(JexlInjectionAdditionalTaintStep c).step(node1, node2)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/JndiInjectionQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,8 @@ module JndiInjectionFlowConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
any(JndiInjectionAdditionalTaintStep c).step(node1, node2)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/** Tracks flow of unvalidated user input that is used in JNDI lookup */
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/LdapInjectionQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ module LdapInjectionFlowConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
any(LdapInjectionAdditionalTaintStep a).step(pred, succ)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/** Tracks flow from remote sources to LDAP injection vulnerabilities. */
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/MissingJWTSignatureCheckQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@ module MissingJwtSignatureCheckConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
any(JwtParserWithInsecureParseAdditionalFlowStep c).step(node1, node2)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

module MissingJwtSignatureCheckFlow = DataFlow::Global<MissingJwtSignatureCheckConfig>;
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/MvelInjectionQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@ module MvelInjectionFlowConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
any(MvelInjectionAdditionalTaintStep c).step(node1, node2)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/** Tracks flow of unsafe user input that is used to construct and evaluate a MVEL expression. */
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/NumericCastTaintedQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,8 @@ module NumericCastFlowConfig implements DataFlow::ConfigSig {
}

predicate isBarrierIn(DataFlow::Node node) { isSource(node) }

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/OgnlInjectionQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@ module OgnlInjectionFlowConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
any(OgnlInjectionAdditionalTaintStep c).step(node1, node2)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/** Tracks flow of unvalidated user input that is used in OGNL EL evaluation. */
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/PartialPathTraversalQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ module PartialPathTraversalFromRemoteConfig implements DataFlow::ConfigSig {
predicate isSink(DataFlow::Node node) {
any(PartialPathTraversalMethodCall ma).getQualifier() = node.asExpr()
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/** Tracks flow of unsafe user input that is used to validate against path traversal, but is insufficient and remains vulnerable to Partial Path Traversal. */
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/RequestForgeryConfig.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,8 @@ module RequestForgeryConfig implements DataFlow::ConfigSig {
predicate isBarrier(DataFlow::Node node) { node instanceof RequestForgerySanitizer }

predicate isBarrierIn(DataFlow::Node node) { isSource(node) }

predicate observeDiffInformedIncrementalMode() { any() }
}

module RequestForgeryFlow = TaintTracking::Global<RequestForgeryConfig>;
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/ResponseSplittingQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@ module ResponseSplittingConfig implements DataFlow::ConfigSig {
)
)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/**
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/RsaWithoutOaepQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,8 @@ module RsaWithoutOaepConfig implements DataFlow::ConfigSig {
predicate isSink(DataFlow::Node sink) {
exists(CryptoAlgoSpec cr | sink.asExpr() = cr.getAlgoSpec())
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/** Flow for finding RSA ciphers initialized without using OAEP padding. */
Expand Down
2 changes: 2 additions & 0 deletions java/ql/lib/semmle/code/java/security/SpelInjectionQuery.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@ module SpelInjectionConfig implements DataFlow::ConfigSig {
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
any(SpelExpressionInjectionAdditionalTaintStep c).step(node1, node2)
}

predicate observeDiffInformedIncrementalMode() { any() }
}

/** Tracks flow of unsafe user input that is used to construct and evaluate a SpEL expression. */
Expand Down
Loading
Loading