
Commit 5965360

Alvaro Muñoz authored and GeekMasher committed
Update hasQualifiedName to hasFullyQualifiedName
1 parent 7d480bd commit 5965360


2 files changed

+64
-52
lines changed


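--- a/csharp/lib/ghsl/HardcodedCredentials.qll
+++ b/csharp/lib/ghsl/HardcodedCredentials.qll
@@ -1,4 +1,3 @@
-
 private import csharp
 private import semmle.code.csharp.frameworks.Moq
 private import semmle.code.csharp.frameworks.System
@@ -25,10 +24,10 @@ abstract class Sanitizer extends DataFlow::ExprNode { }
 class NonEmptyStringLiteral extends Source {
 NonEmptyStringLiteral() {
 exists(StringLiteral literal |
-this.getExpr() = literal
-and literal.getValue().length() > 1
-and literal.fromSource()
-and not literal.getValue().matches("${%}")
+this.getExpr() = literal and
+literal.getValue().length() > 1 and
+literal.fromSource() and
+not literal.getValue().matches("${%}")
 )
 }
 }
@@ -42,8 +41,8 @@ class ByteArrayLiteral extends Source {
 any(ArrayCreation ac |
 ac.getArrayType().getElementType() instanceof ByteType and
 ac.hasInitializer()
-)
-and this.getExpr().fromSource()
+) and
+this.getExpr().fromSource()
 }
 }
 
@@ -56,8 +55,8 @@ class CharArrayLiteral extends Source {
 any(ArrayCreation ac |
 ac.getArrayType().getElementType() instanceof CharType and
 ac.hasInitializer()
-)
-and this.getExpr().fromSource()
+) and
+this.getExpr().fromSource()
 }
 }
 
@@ -67,9 +66,7 @@ class LiteralToSecurityKeyConfig extends TaintTracking::Configuration {
 
 override predicate isSource(DataFlow::Node source) { source instanceof Source }
 
-override predicate isSink(DataFlow::Node sink) {
-sink instanceof Sink
-}
+override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
 override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer }
 }
@@ -78,49 +75,50 @@ class SymmetricSecurityKey extends Sink {
 SymmetricSecurityKey() {
 exists(ObjectCreation securityKey |
 securityKey.getAnArgument() = this.getExpr() and
-securityKey.getType().getQualifiedName() in [
-"Microsoft.IdentityModel.Tokens.SymmetricSecurityKey",
-"System.IdentityModel.Tokens.SymmetricSecurityKey"
-]
+securityKey
+.getType()
+.hasFullyQualifiedName(["Microsoft.IdentityModel.Tokens", "System.IdentityModel.Tokens"],
+"SymmetricSecurityKey")
 )
 }
 }
 
-
-/**
+/**
 * A result from a mock interface
 * Ignore values that are ultimately returned by mocks, as they don't represent "real" credentials.
-*/
+*/
 class MockSanitizer extends Sanitizer {
 MockSanitizer() {
-exists(ReturnedByMockObject mock|
-mock.getAMemberInitializationValue() = this.asExpr()
-or mock.getAnArgument() = this.asExpr()
+exists(ReturnedByMockObject mock |
+mock.getAMemberInitializationValue() = this.asExpr() or
+mock.getAnArgument() = this.asExpr()
 )
 }
 }
 
-/**
+/**
 * A result from a mock interface
 * The function is not itself marked as a mock, but all uses of it are in mocks.
-*/
+*/
 class MockSanitizer2 extends Sanitizer {
 MockSanitizer2() {
 exists(Method method, ReturnedByMockObject mock |
 exists(Call call |
-call = method.getACall() and method.getAChild*() = this.asExpr() and
+call = method.getACall() and
+method.getAChild*() = this.asExpr() and
 (
-mock.getAMemberInitializationValue().getAChild*() = call
-or mock.getAnArgument().getAChild*() = call
+mock.getAMemberInitializationValue().getAChild*() = call or
+mock.getAnArgument().getAChild*() = call
 )
-)
-and not exists(Call call |
-call = method.getACall() and method.getAChild*() = this.asExpr() and
+) and
+not exists(Call call |
+call = method.getACall() and
+method.getAChild*() = this.asExpr() and
 not (
-mock.getAMemberInitializationValue().getAChild*() = call
-or mock.getAnArgument().getAChild*() = call
-)
+mock.getAMemberInitializationValue().getAChild*() = call or
+mock.getAnArgument().getAChild*() = call
 )
+)
 )
 }
 }
@@ -161,11 +159,12 @@ class ToStringSanitizer extends Sanitizer {
 class ConfigurationSanitizer extends Sanitizer {
 ConfigurationSanitizer() {
 exists(Access configuration, MethodCall call |
-configuration.getType().getQualifiedName() in [
-"Microsoft.Extensions.Configuration.IConfiguration", "Microsoft.Extensions.Configuration.ConfigurationManager"
-]
-and call.getQualifier() = configuration
-and call.getAnArgument() = this.getExpr()
+configuration
+.getType()
+.hasFullyQualifiedName("Microsoft.Extensions.Configuration",
+["IConfiguration", "ConfigurationManager"]) and
+call.getQualifier() = configuration and
+call.getAnArgument() = this.getExpr()
 )
 }
 }
@@ -175,9 +174,14 @@ class ConfigurationSanitizer extends Sanitizer {
 */
 class FileSanitizer extends Sanitizer {
 FileSanitizer() {
-exists(Call c | c.getTarget().hasQualifiedName("System.IO.File", [
-"ReadAllBytes", "ReadAllText", "Open", "OpenText", "OpenRead", "OpenHandle", "ReadAllTextAsync", "ReadAllBytesAsync", "ReadAllLines", "ReadAllLinesAsync", "ReadLines", "ReadLinesAsync", "OpenTextAsync"
-]) and
+exists(Call c |
+c.getTarget()
+.hasFullyQualifiedName("System.IO.File",
+[
+"ReadAllBytes", "ReadAllText", "Open", "OpenText", "OpenRead", "OpenHandle",
+"ReadAllTextAsync", "ReadAllBytesAsync", "ReadAllLines", "ReadAllLinesAsync",
+"ReadLines", "ReadLinesAsync", "OpenTextAsync"
+]) and
 c.getAnArgument() = this.getExpr()
 )
 }
@@ -207,7 +211,8 @@ class TestClassSanitizer extends Sanitizer {
 */
 class TestNamespaceSanitizer extends Sanitizer {
 TestNamespaceSanitizer() {
-exists(Namespace n | n.getName().matches(["Test%", "%Test", "%Tests", "Mock%", "%Mocks", "%Mock", "Fake%"]) and
+exists(Namespace n |
+n.getName().matches(["Test%", "%Test", "%Tests", "Mock%", "%Mocks", "%Mock", "Fake%"]) and
 (
 this.getExpr() = n.getAClass().getAMethod().getAChild*() or
 this.getExpr() = n.getAClass().getAField().getAChild*() or
@@ -222,13 +227,18 @@ class TestNamespaceSanitizer extends Sanitizer {
 */
 class DebugSanitizer extends Sanitizer {
 DebugSanitizer() {
-exists(IfDirective if_d, EndifDirective endif_d, Location if_loc, Location endif_loc, Location loc |
+exists(
+IfDirective if_d, EndifDirective endif_d, Location if_loc, Location endif_loc, Location loc
+|
 loc = this.getLocation() and
-if_d.getCondition().toString() = "DEBUG" and if_d.getEndifDirective() = endif_d
-and if_d.getLocation() = if_loc and endif_d.getLocation() = endif_loc
-and loc.getStartLine() > if_loc.getEndLine()
-and loc.getEndLine() < endif_loc.getStartLine()
-and loc.getFile() = if_loc.getFile()
+if_d.getCondition().toString() = "DEBUG" and
+if_d.getEndifDirective() = endif_d and
+if_d.getLocation() = if_loc and
+endif_d.getLocation() = endif_loc and
+loc.getStartLine() > if_loc.getEndLine() and
+loc.getEndLine() < endif_loc.getStartLine() and
+loc.getFile() = if_loc.getFile()
 )
 }
-}
+}
+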
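Review bot: `ConfigurationSanitizer` (new lines 162-167) sanitizes every argument of every call whose qualifier is an `IConfiguration`/`ConfigurationManager`, not just the key, so a hard-coded fallback such as `config.GetValue<string>("Jwt:Key", "supersecret")` is suppressed even though that literal is exactly what reaches the `SymmetricSecurityKey` sink when the setting is absent. Restricting the sanitizer to the key position, `call.getArgument(0) = this.getExpr()` in place of `call.getAnArgument() = this.getExpr()`, keeps `GetSection`/`GetValue`/`GetConnectionString` key lookups sanitized while letting default-value literals flow; that extension methods on `IConfiguration` resolve their qualifier type here is inferred from the existing `getQualifier()` use and is worth pinning with a test. A related, pre-existing weakness visible in the last hunk is that `DebugSanitizer` compares only the line span between `#if DEBUG` and its `#endif`, so a credential sitting in an `#else` branch of that block (release code) is also treated as debug-only. The bodies of `FileSanitizer` and `TestNamespaceSanitizer` continue outside the hunks.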

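--- a/csharp/src/security/CWE-328/WeakHashingAlgorithms.ql
+++ b/csharp/src/security/CWE-328/WeakHashingAlgorithms.ql
@@ -15,17 +15,19 @@
 import csharp
 
 predicate incorrectUseOfMD5CryptoServiceProvider(ObjectCreation e, string msg) {
-e.getType().(Class).hasQualifiedName("System.Security.Cryptography", "MD5CryptoServiceProvider") and
+e.getType()
+.(Class)
+.hasFullyQualifiedName("System.Security.Cryptography", "MD5CryptoServiceProvider") and
 msg =
 "This function creates a new MD5CryptoServiceProvider() object, which uses a cryptographically weak hash algorithm"
 }
 
 predicate incorrectUseOfMD5Create(Call e, string msg) {
 (
-e.getType().(Class).hasQualifiedName("System.Security.Cryptography", "MD5") and
+e.getType().(Class).hasFullyQualifiedName("System.Security.Cryptography", "MD5") and
 e.getTarget().hasName("Create")
 or
-e.getType().(Class).hasQualifiedName("System.Security.Cryptography", "HashAlgorithm") and
+e.getType().(Class).hasFullyQualifiedName("System.Security.Cryptography", "HashAlgorithm") and
 e.getTarget().hasName("Create") and
 (
 e.getArgument(0).(StringLiteral).getValue() = "MD5" or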
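Review bot: `incorrectUseOfMD5Create` (new lines 27-31) only matches calls whose target is named `Create`, so the static one-shot APIs `MD5.HashData(...)`, `MD5.HashDataAsync(...)` and `MD5.TryHashData(...)` available in newer .NET produce MD5 digests without ever being reported; this gap predates the rename, but this hunk is where the matching is being touched. Since the sibling `FileSanitizer` in HardcodedCredentials.qll in this same commit already uses the two-argument `hasFullyQualifiedName(qualifier, name)` form on a call target, an extra disjunct `e.getTarget().hasFullyQualifiedName("System.Security.Cryptography.MD5", ["HashData", "HashDataAsync", "TryHashData"])` would cover them. The predicate body, including where `msg` is bound for this branch, continues past the hunk, so the disjunct has to be placed where it shares that binding. For the same reason `incorrectUseOfMD5CryptoServiceProvider` keys on one concrete class name and will not see `new MD5Cng()` in Windows-targeting code.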
