Merge pull request github#3086 from aschackmull/java/apache-base64-taint

yo-h · web-flow · commit bcda481d4ac6 · 2020-03-20T13:49:20.000-04:00
Java: Add apache Base64 taint steps.
diff --git a/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
@@ -445,6 +445,13 @@ private predicate taintPreservingArgumentToMethod(Method method, int arg) {
     method.getName() = "wrap" and arg = 0
   )
   or
+  method.getDeclaringType().hasQualifiedName("org.apache.commons.codec.binary", "Base64") and
+  (
+    method.getName() = "decodeBase64" and arg = 0
+    or
+    method.getName().matches("encodeBase64%") and arg = 0
+  )
+  or
   method.getDeclaringType().hasQualifiedName("org.apache.commons.io", "IOUtils") and
   (
     method.getName() = "buffer" and arg = 0

Original file line number	Diff line number	Diff line change
`@@ -445,6 +445,13 @@ private predicate taintPreservingArgumentToMethod(Method method, int arg) {`
`445`	`445`	`method.getName() = "wrap" and arg = 0`
`446`	`446`	`)`
`447`	`447`	`or`
	`448`	`+ method.getDeclaringType().hasQualifiedName("org.apache.commons.codec.binary", "Base64") and`
	`449`	`+ (`
	`450`	`+ method.getName() = "decodeBase64" and arg = 0`
	`451`	`+ or`
	`452`	`+ method.getName().matches("encodeBase64%") and arg = 0`
	`453`	`+ )`
	`454`	`+ or`
`448`	`455`	`method.getDeclaringType().hasQualifiedName("org.apache.commons.io", "IOUtils") and`
`449`	`456`	`(`
`450`	`457`	`method.getName() = "buffer" and arg = 0`