Skip to content

Commit 2d458f7

Browse files
egregius313egregius313
committed
Add a superclass for credential nodes
1 parent dccb394 commit 2d458f7

File tree

2 files changed

+12
-19
lines changed

2 files changed

+12
-19
lines changed

java/ql/lib/semmle/code/java/security/HardcodedCredentials.qll

Lines changed: 1 addition & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -58,12 +58,7 @@ abstract class CredentialsSink extends Expr {
5858
* credentials.
5959
*/
6060
class CredentialsApiSink extends CredentialsSink {
61-
CredentialsApiSink() {
62-
this = any(PasswordParameter p).asExpr() or
63-
this = any(UsernameParameter p).asExpr() or
64-
this = any(CryptoKeyParameter p).asExpr() or
65-
this = any(CredentialParameter p).asExpr()
66-
}
61+
CredentialsApiSink() { this = any(CredentialSinkNode csn).asExpr() }
6762
}
6863

6964
/**

java/ql/lib/semmle/code/java/security/SensitiveApi.qll

Lines changed: 11 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -7,31 +7,29 @@ private import semmle.code.java.dataflow.DataFlow
77
private import semmle.code.java.dataflow.ExternalFlow
88

99
/**
10-
* A node representing a password being passed to a method.
10+
* A node which represents the use of a credential.
1111
*/
12-
class PasswordParameter extends DataFlow::Node {
13-
PasswordParameter() { sinkNode(this, "credential-password") }
14-
}
12+
abstract class CredentialSinkNode extends DataFlow::Node { }
1513

1614
/**
17-
* A node representing a username being passed to a method.
15+
* A node representing a password being passed to a method.
1816
*/
19-
class UsernameParameter extends DataFlow::Node {
20-
UsernameParameter() { sinkNode(this, "credential-username") }
17+
class PasswordSink extends CredentialSinkNode {
18+
PasswordSink() { sinkNode(this, "credential-password") }
2119
}
2220

2321
/**
24-
* A node representing a cryptographic key being passed to a method.
22+
* A node representing a username being passed to a method.
2523
*/
26-
class CryptoKeyParameter extends DataFlow::Node {
27-
CryptoKeyParameter() { sinkNode(this, "crypto-parameter") }
24+
class UsernameSink extends CredentialSinkNode {
25+
UsernameSink() { sinkNode(this, "credential-username") }
2826
}
2927

3028
/**
31-
* A node representing a credential being passed to a method.
29+
* A node representing a cryptographic key being passed to a method.
3230
*/
33-
class CredentialParameter extends DataFlow::Node {
34-
CredentialParameter() { sinkNode(this, "credential-other") }
31+
class CryptoKeySink extends CredentialSinkNode {
32+
CryptoKeySink() { sinkNode(this, "crypto-parameter") }
3533
}
3634

3735
/**

0 commit comments

Comments
 (0)