
Commit 6fa267a

committed
Ruby: configsig rb/clear-text-storage-sensitive-data
1 parent 2a2f21d commit 6fa267a

2 files changed

Lines changed: 29 additions & 12 deletions


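--- a/ruby/ql/lib/codeql/ruby/security/CleartextStorageQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/CleartextStorageQuery.qll
@@ -2,32 +2,50 @@
 * Provides a taint-tracking configuration for "Clear-text storage of sensitive information".
 *
 * Note, for performance reasons: only import this file if
-* `Configuration` is needed, otherwise `CleartextStorageCustomizations` should be
-* imported instead.
+* `CleartextStorageFlow` is needed, otherwise
+* `CleartextStorageCustomizations` should be imported instead.
 */
 
 private import codeql.ruby.AST
 private import codeql.ruby.DataFlow
 private import codeql.ruby.TaintTracking
-private import CleartextStorageCustomizations::CleartextStorage as CleartextStorage
+private import CleartextStorageCustomizations::CleartextStorage as CS
 
 /**
 * A taint-tracking configuration for detecting "Clear-text storage of sensitive information".
+* DEPRECATED: Use `CleartextStorageFlow` instead
 */
-class Configuration extends TaintTracking::Configuration {
+deprecated class Configuration extends TaintTracking::Configuration {
 Configuration() { this = "CleartextStorage" }
 
-override predicate isSource(DataFlow::Node source) { source instanceof CleartextStorage::Source }
+override predicate isSource(DataFlow::Node source) { source instanceof CS::Source }
 
-override predicate isSink(DataFlow::Node sink) { sink instanceof CleartextStorage::Sink }
+override predicate isSink(DataFlow::Node sink) { sink instanceof CS::Sink }
 
 override predicate isSanitizer(DataFlow::Node node) {
 super.isSanitizer(node)
 or
-node instanceof CleartextStorage::Sanitizer
+node instanceof CS::Sanitizer
 }
 
 override predicate isAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-CleartextStorage::isAdditionalTaintStep(nodeFrom, nodeTo)
+CS::isAdditionalTaintStep(nodeFrom, nodeTo)
 }
 }
+
+private module Config implements DataFlow::ConfigSig {
+predicate isSource(DataFlow::Node source) { source instanceof CS::Source }
+
+predicate isSink(DataFlow::Node sink) { sink instanceof CS::Sink }
+
+predicate isBarrier(DataFlow::Node node) { node instanceof CS::Sanitizer }
+
+predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
+CS::isAdditionalTaintStep(nodeFrom, nodeTo)
+}
+}
+
+/**
+* Taint-tracking for detecting "Clear-text storage of sensitive information".
+*/
+module CleartextStorageFlow = TaintTracking::Global<Config>;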
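Review bot: The new `Config` module (new lines 36–46) has no comment explaining why `isBarrier` carries only `node instanceof CS::Sanitizer`, while the deprecated class's `isSanitizer` also includes `super.isSanitizer(node)`. A `ConfigSig` module has no `super` to delegate to, and the default taint sanitizers are presumably supplied by `TaintTracking::Global`, so the set of clear-text-storage alerts should be unchanged, but a reader comparing the two configurations has to work that out. I would add a QLDoc above `private module Config`, for example `/** Flow configuration for clear-text storage; default taint barriers are added by TaintTracking::Global. */`. As a style point, the `DEPRECATED: Use ... instead` line on new line 16 would read better as its own paragraph, after a blank ` *` line and with a closing period.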

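--- a/ruby/ql/src/queries/security/cwe-312/CleartextStorage.ql
+++ b/ruby/ql/src/queries/security/cwe-312/CleartextStorage.ql
@@ -16,10 +16,9 @@
 import codeql.ruby.AST
 import codeql.ruby.security.CleartextStorageQuery
 import codeql.ruby.security.CleartextStorageCustomizations::CleartextStorage
-import codeql.ruby.DataFlow
-import DataFlow::PathGraph
+import CleartextStorageFlow::PathGraph
 
-from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+from CleartextStorageFlow::PathNode source, CleartextStorageFlow::PathNode sink
+where CleartextStorageFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "This stores sensitive data returned by $@ as clear text.",
 source.getNode().(Source).describe()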
