From 4c9df924b777102ef01b596fed204bc9bff017ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=A4=8F=E5=A4=A9?= <47944478+SummerSec@users.noreply.github.com>
Date: Sat, 26 Mar 2022 14:05:03 +0800
Subject: [PATCH 1/7] Update process.py
---
 process.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/process.py b/process.py
index eadeddf..b208eca 100644
--- a/process.py
+++ b/process.py
@@ -75,6 +75,7 @@ def get(array, i, default):
 def codeql(*args):
 args = [codeql_executable] + list(args)
 print(' '.join(args), flush=True)
+ output = None
 try:
 output = subprocess.run(
 args,
@@ -85,7 +86,8 @@ def codeql(*args):
 except subprocess.CalledProcessError as cpe:
 print('Command failed with exit code: ' + str(cpe.returncode))
 print('stdout:')
- print(cpe.output.decode())
+ output = cpe.output
+ print(output.decode())
 print('stderr:')
 print(cpe.stderr.decode(), flush=True)
 raise
From e5242ab54bb46775fb3263c6787c70662504a0aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=A4=8F=E5=A4=A9?= <47944478+SummerSec@users.noreply.github.com>
Date: Sat, 26 Mar 2022 19:47:26 +0800
Subject: [PATCH 2/7] Update query.ql u.ProtocolArg() change to u.getProtocolArg()
---
 java-debug-pack/sources-and-sinks/java__non_https_url/query.ql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java-debug-pack/sources-and-sinks/java__non_https_url/query.ql b/java-debug-pack/sources-and-sinks/java__non_https_url/query.ql
index cf4a0ab..47838f6 100644
--- a/java-debug-pack/sources-and-sinks/java__non_https_url/query.ql
+++ b/java-debug-pack/sources-and-sinks/java__non_https_url/query.ql
@@ -51,7 +51,7 @@ class HTTPStringToURLOpenMethodFlowConfig extends TaintTracking::Configuration {
 override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
 exists(UrlConstructorCall u |
- node1.asExpr() = u.protocolArg() and
+ node1.asExpr() = u.getProtocolArg() and
 node2.asExpr() = u
 )
 }
From bcd7a7e49eaa414ea2d13c2c2afb094b750d5ec3 Mon Sep 17 00:00:00 2001
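Review bot: In `codeql()` in process.py, the added `output = cpe.output` sits in an `except subprocess.CalledProcessError` branch that ends in a bare `raise`, so neither it nor the `output = None` added before the `try` in the first hunk changes what a caller receives, unless a `finally` clause outside the hunks reads the variable. If the intent was to hand the captured stdout back on failure, the `raise` defeats it; otherwise the two assignments can be dropped and the original `print(cpe.output.decode())` kept. The new `print(output.decode())` also decodes strictly, so command output containing invalid UTF-8 raises `UnicodeDecodeError` inside the handler and hides the original `CalledProcessError`; `print(output.decode(errors='replace'))` keeps the diagnostic path from failing, and the same applies to the `cpe.stderr.decode()` context line. The `subprocess.run(...)` keyword arguments and the rest of `codeql()` fall outside the two hunks, so whether stdout is captured at all (and `cpe.output` can be `None`) cannot be confirmed from here.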
From: =?UTF-8?q?=E5=A4=8F=E5=A4=A9?= <47944478+SummerSec@users.noreply.github.com>
Date: Sat, 26 Mar 2022 19:50:33 +0800
Subject: [PATCH 3/7] Update query.ql u.ProtocolArg() change to u.getProtocolArg()
---
 .../source-and-sink-counts/java__non_https_url/query.ql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java-debug-pack/source-and-sink-counts/java__non_https_url/query.ql b/java-debug-pack/source-and-sink-counts/java__non_https_url/query.ql
index 4b443bc..9c7668a 100644
--- a/java-debug-pack/source-and-sink-counts/java__non_https_url/query.ql
+++ b/java-debug-pack/source-and-sink-counts/java__non_https_url/query.ql
@@ -44,7 +44,7 @@ class HTTPStringToURLOpenMethodFlowConfig extends TaintTracking::Configuration {
 override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
 exists(UrlConstructorCall u |
- node1.asExpr() = u.protocolArg() and
+ node1.asExpr() = u.getProtocolArg() and
 node2.asExpr() = u
 )
 }
From 15d999a8ec732534109e80127a402f7dd77a7f80 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=A4=8F=E5=A4=A9?= <47944478+SummerSec@users.noreply.github.com>
Date: Sat, 26 Mar 2022 20:25:48 +0800
Subject: [PATCH 4/7] Update query.ql
---
 .../sources-and-sinks/java__unsafe_deserialization/query.ql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java-debug-pack/sources-and-sinks/java__unsafe_deserialization/query.ql b/java-debug-pack/sources-and-sinks/java__unsafe_deserialization/query.ql
index 02c3ee6..e308928 100644
--- a/java-debug-pack/sources-and-sinks/java__unsafe_deserialization/query.ql
+++ b/java-debug-pack/sources-and-sinks/java__unsafe_deserialization/query.ql
@@ -9,7 +9,7 @@ import java
 import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.security.UnsafeDeserialization
+import semmle.code.java.security.UnsafeDeserializationQuery
 class UnsafeDeserializationConfig extends TaintTracking::Configuration {
From 0a9451a7024f164a908f08fb6fe9a151bd1ea82e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=A4=8F=E5=A4=A9?= <47944478+SummerSec@users.noreply.github.com>
Date: Sat, 26 Mar 2022 20:26:09 +0800
Subject: [PATCH 5/7] Update query.ql
---
 .../java__unsafe_deserialization/query.ql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java-debug-pack/source-and-sink-counts/java__unsafe_deserialization/query.ql b/java-debug-pack/source-and-sink-counts/java__unsafe_deserialization/query.ql
index 58b7d82..4190dc1 100644
--- a/java-debug-pack/source-and-sink-counts/java__unsafe_deserialization/query.ql
+++ b/java-debug-pack/source-and-sink-counts/java__unsafe_deserialization/query.ql
@@ -2,7 +2,7 @@ import java
 import semmle.code.java.dataflow.FlowSources
-import semmle.code.java.security.UnsafeDeserialization
+import semmle.code.java.security.UnsafeDeserializationQuery
 class UnsafeDeserializationConfig extends TaintTracking::Configuration {
From 4393cacf0cd74f61830ab7301bcce38f9165a428 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=A4=8F=E5=A4=A9?= <47944478+SummerSec@users.noreply.github.com>
Date: Sat, 26 Mar 2022 20:51:32 +0800
Subject: [PATCH 6/7] Update query.ql
---
 .../sources-and-sinks/java__unsafe_deserialization/query.ql | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/java-debug-pack/sources-and-sinks/java__unsafe_deserialization/query.ql b/java-debug-pack/sources-and-sinks/java__unsafe_deserialization/query.ql
index e308928..c573b62 100644
--- a/java-debug-pack/sources-and-sinks/java__unsafe_deserialization/query.ql
+++ b/java-debug-pack/sources-and-sinks/java__unsafe_deserialization/query.ql
@@ -12,13 +12,7 @@ import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.UnsafeDeserializationQuery
-class UnsafeDeserializationConfig extends TaintTracking::Configuration {
- UnsafeDeserializationConfig() { this = "UnsafeDeserializationConfig" }
- override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeDeserializationSink }
-}
 from DataFlow::Node n, string type where exists(string qid | qid = "java/unsafe-deserialization" and (
From 48bcc2acad70b7527a5b7dfe027bf1de97d0339b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=A4=8F=E5=A4=A9?= <47944478+SummerSec@users.noreply.github.com>
Date: Sat, 26 Mar 2022 20:51:53 +0800
Subject: [PATCH 7/7] Update query.ql
---
 .../java__unsafe_deserialization/query.ql | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/java-debug-pack/source-and-sink-counts/java__unsafe_deserialization/query.ql b/java-debug-pack/source-and-sink-counts/java__unsafe_deserialization/query.ql
index 4190dc1..c7067c4 100644
--- a/java-debug-pack/source-and-sink-counts/java__unsafe_deserialization/query.ql
+++ b/java-debug-pack/source-and-sink-counts/java__unsafe_deserialization/query.ql
@@ -5,13 +5,7 @@ import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.security.UnsafeDeserializationQuery
-class UnsafeDeserializationConfig extends TaintTracking::Configuration {
- UnsafeDeserializationConfig() { this = "UnsafeDeserializationConfig" }
- override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
-
- override predicate isSink(DataFlow::Node sink) { sink instanceof UnsafeDeserializationSink }
-}
 from string type, int amount where exists(string qid | qid = "java/unsafe-deserialization" and (