
Commit 32c5462

committed
Drop fieldName from the function for runtime evaluation
1 parent e5a703e commit 32c5462


1 file changed

+5
-15
lines changed


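--- a/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql
@@ -91,35 +91,25 @@ predicate isProviderUrlSetter(MethodAccess ma) {
 /**
 * Holds if `ma` sets `fieldValue` with attribute name `fieldName` to `envValue` in some `Hashtable`.
 */
-bindingset[fieldName, fieldValue, envValue]
-predicate hasEnvWithValue(MethodAccess ma, string fieldName, string fieldValue, string envValue) {
+bindingset[fieldValue, envValue]
+predicate hasEnvWithValue(MethodAccess ma, string fieldValue, string envValue) {
 ma.getMethod().getDeclaringType().getAnAncestor() instanceof TypeHashtable and
 (ma.getMethod().hasName("put") or ma.getMethod().hasName("setProperty")) and
-(
-ma.getArgument(0).(CompileTimeConstantExpr).getStringValue() = fieldValue
-or
-exists(Field f |
-ma.getArgument(0) = f.getAnAccess() and
-f.hasName(fieldName) and
-f.getDeclaringType() instanceof TypeNamingContext
-)
-) and
+ma.getArgument(0).(CompileTimeConstantExpr).getStringValue() = fieldValue and
 ma.getArgument(1).(CompileTimeConstantExpr).getStringValue() = envValue
 }
 
 /**
 * Holds if `ma` sets `java.naming.security.authentication` (also known as `Context.SECURITY_AUTHENTICATION`) to `simple` in some `Hashtable`.
 */
 predicate isBasicAuthEnv(MethodAccess ma) {
-hasEnvWithValue(ma, "SECURITY_AUTHENTICATION", "java.naming.security.authentication", "simple")
+hasEnvWithValue(ma, "java.naming.security.authentication", "simple")
 }
 
 /**
 * Holds if `ma` sets `java.naming.security.protocol` (also known as `Context.SECURITY_PROTOCOL`) to `ssl` in some `Hashtable`.
 */
-predicate isSSLEnv(MethodAccess ma) {
-hasEnvWithValue(ma, "SECURITY_PROTOCOL", "java.naming.security.protocol", "ssl")
-}
+predicate isSSLEnv(MethodAccess ma) { hasEnvWithValue(ma, "java.naming.security.protocol", "ssl") }
 
 /**
 * A taint-tracking configuration for `ldap://` URL in LDAP authentication.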
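Review bot: The doc comment on `hasEnvWithValue` (new line 92) still refers to an attribute name `fieldName`, a parameter the new signature no longer has, and it reads as if `fieldValue` were the value being set rather than the key. I would reword it to `Holds if ma sets the environment property named by fieldValue to envValue in some Hashtable; both arguments must be compile-time constant strings.` The removed branch matched accesses to fields declared on `TypeNamingContext`. Presumably `Context.SECURITY_AUTHENTICATION` and `Context.SECURITY_PROTOCOL` are still matched through `CompileTimeConstantExpr`, but a test case that uses those constants would confirm the query has not lost results for insecure LDAP authentication. Keys or values assembled at runtime are not matched by either version, and the comment could say so.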
