File tree Expand file tree Collapse file tree
lib/semmle/code/java/security Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ /** Provides taint-tracking configurations to reason about arithmetic using local-user-controlled data. */
2+
3+ import java
4+ import semmle.code.java.dataflow.FlowSources
5+ import semmle.code.java.security.ArithmeticCommon
6+
7+ /**
8+ * A taint-tracking configuration to reason about arithmetic overflow using local-user-controlled data.
9+ */
10+ module ArithmeticTaintedLocalOverflowConfig implements DataFlow:: ConfigSig {
11+ predicate isSource ( DataFlow:: Node source ) { source instanceof LocalUserInput }
12+
13+ predicate isSink ( DataFlow:: Node sink ) { overflowSink ( _, sink .asExpr ( ) ) }
14+
15+ predicate isBarrier ( DataFlow:: Node n ) { overflowBarrier ( n ) }
16+ }
17+
18+ /**
19+ * Taint-tracking flow for arithmetic overflow using local-user-controlled data.
20+ */
21+ module ArithmeticTaintedLocalOverflowFlow =
22+ TaintTracking:: Global< ArithmeticTaintedLocalOverflowConfig > ;
23+
24+ /**
25+ * A taint-tracking configuration to reason about arithmetic underflow using local-user-controlled data.
26+ */
27+ module ArithmeticTaintedLocalUnderflowConfig implements DataFlow:: ConfigSig {
28+ predicate isSource ( DataFlow:: Node source ) { source instanceof LocalUserInput }
29+
30+ predicate isSink ( DataFlow:: Node sink ) { underflowSink ( _, sink .asExpr ( ) ) }
31+
32+ predicate isBarrier ( DataFlow:: Node n ) { underflowBarrier ( n ) }
33+ }
34+
35+ /**
36+ * Taint-tracking flow for arithmetic underflow using local-user-controlled data.
37+ */
38+ module ArithmeticTaintedLocalUnderflowFlow =
39+ TaintTracking:: Global< ArithmeticTaintedLocalUnderflowConfig > ;
Original file line number Diff line number Diff line change 1313 */
1414
1515import java
16- import semmle.code.java.dataflow.FlowSources
17- import ArithmeticCommon
18-
19- module ArithmeticTaintedLocalOverflowConfig implements DataFlow:: ConfigSig {
20- predicate isSource ( DataFlow:: Node source ) { source instanceof LocalUserInput }
21-
22- predicate isSink ( DataFlow:: Node sink ) { overflowSink ( _, sink .asExpr ( ) ) }
23-
24- predicate isBarrier ( DataFlow:: Node n ) { overflowBarrier ( n ) }
25- }
26-
27- module ArithmeticTaintedLocalOverflowFlow =
28- TaintTracking:: Global< ArithmeticTaintedLocalOverflowConfig > ;
29-
30- module ArithmeticTaintedLocalUnderflowConfig implements DataFlow:: ConfigSig {
31- predicate isSource ( DataFlow:: Node source ) { source instanceof LocalUserInput }
32-
33- predicate isSink ( DataFlow:: Node sink ) { underflowSink ( _, sink .asExpr ( ) ) }
34-
35- predicate isBarrier ( DataFlow:: Node n ) { underflowBarrier ( n ) }
36- }
37-
38- module ArithmeticTaintedLocalUnderflowFlow =
39- TaintTracking:: Global< ArithmeticTaintedLocalUnderflowConfig > ;
16+ import semmle.code.java.security.ArithmeticTaintedLocalQuery
4017
4118module Flow =
4219 DataFlow:: MergePathGraph< ArithmeticTaintedLocalOverflowFlow:: PathNode ,
You can’t perform that action at this time.
0 commit comments