Cleanup after rebase on main

github · May 3, 2022 · cd3662c · cd3662c
1 parent 3a50253
commit cd3662c
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 10 deletions.
diff --git a/java/ql/lib/semmle/code/java/security/TempFileLib.qll b/java/ql/lib/semmle/code/java/security/TempFileLib.qll
@@ -1,7 +1,6 @@
 /** Provides classes to reason about temporary directory vulnerabilities. */
 
 import java
-import semmle.code.java.dataflow.ExternalFlow
 
 /**
  * A `java.io.File::createTempFile` method.
@@ -22,12 +21,3 @@ class MethodFileCreatesDirs extends Method {
     this.hasName(["mkdir", "mkdirs"])
   }
 }
-
-private class TemporaryFileFlow extends SummaryModelCsv {
-  override predicate row(string row) {
-    // qualifier to return
-    row =
-      "java.io;File;true;" + ["getAbsoluteFile", "getCanonicalFile"] +
-        ";;;Argument[-1];ReturnValue;taint"
-  }
-}
diff --git a/.../ql/test/query-tests/security/CWE-378/semmle/tests/TempDirHijackingVulnerability.expected b/.../ql/test/query-tests/security/CWE-378/semmle/tests/TempDirHijackingVulnerability.expected
@@ -88,6 +88,12 @@ edges
 | Test.java:299:9:299:15 | workDir : File | Test.java:300:24:300:30 | workDir : File |
 | Test.java:300:24:300:30 | workDir : File | Test.java:304:32:304:40 | file : File |
 | Test.java:304:32:304:40 | file : File | Test.java:306:14:306:17 | file |
+| Test.java:312:21:312:66 | new File(...) : File | Test.java:314:65:314:68 | temp : File |
+| Test.java:312:30:312:65 | getProperty(...) : String | Test.java:312:21:312:66 | new File(...) : File |
+| Test.java:314:24:314:69 | createTempFile(...) : File | Test.java:315:23:315:29 | workDir : File |
+| Test.java:314:65:314:68 | temp : File | Test.java:314:24:314:69 | createTempFile(...) : File |
+| Test.java:315:23:315:29 | workDir : File | Test.java:315:23:315:29 | workDir : File |
+| Test.java:315:23:315:29 | workDir : File | Test.java:316:9:316:15 | workDir |
 nodes
 | Test.java:11:20:11:59 | createTempFile(...) : File | semmle.label | createTempFile(...) : File |
 | Test.java:12:13:12:16 | temp : File | semmle.label | temp : File |
@@ -196,6 +202,13 @@ nodes
 | Test.java:300:24:300:30 | workDir : File | semmle.label | workDir : File |
 | Test.java:304:32:304:40 | file : File | semmle.label | file : File |
 | Test.java:306:14:306:17 | file | semmle.label | file |
+| Test.java:312:21:312:66 | new File(...) : File | semmle.label | new File(...) : File |
+| Test.java:312:30:312:65 | getProperty(...) : String | semmle.label | getProperty(...) : String |
+| Test.java:314:24:314:69 | createTempFile(...) : File | semmle.label | createTempFile(...) : File |
+| Test.java:314:65:314:68 | temp : File | semmle.label | temp : File |
+| Test.java:315:23:315:29 | workDir : File | semmle.label | workDir : File |
+| Test.java:315:23:315:29 | workDir : File | semmle.label | workDir : File |
+| Test.java:316:9:316:15 | workDir | semmle.label | workDir |
 subpaths
 #select
 | Test.java:13:13:13:16 | temp | Test.java:11:20:11:59 | createTempFile(...) : File | Test.java:13:13:13:16 | temp | Local temporary directory hijacking race condition between $@ and this directory creation call. As such, the directory usage $@ may have been hijacked by another local user. | Test.java:12:13:12:16 | temp | delete here | Test.java:18:9:18:33 | ...=... | here |
@@ -211,3 +224,4 @@ subpaths
 | Test.java:263:9:263:12 | file | Test.java:254:30:254:65 | getProperty(...) : String | Test.java:263:9:263:12 | file | Local temporary directory hijacking race condition between $@ and this directory creation call. As such, the directory usage $@ may have been hijacked by another local user. | Test.java:257:9:257:15 | workDir | delete here | Test.java:259:16:259:22 | workDir | here |
 | Test.java:292:9:292:12 | file | Test.java:282:30:282:65 | getProperty(...) : String | Test.java:292:9:292:12 | file | Local temporary directory hijacking race condition between $@ and this directory creation call. As such, the directory usage $@ may have been hijacked by another local user. | Test.java:285:9:285:15 | workDir | delete here | Test.java:287:16:287:22 | workDir | here |
 | Test.java:306:14:306:17 | file | Test.java:296:30:296:65 | getProperty(...) : String | Test.java:306:14:306:17 | file | Local temporary directory hijacking race condition between $@ and this directory creation call. As such, the directory usage $@ may have been hijacked by another local user. | Test.java:299:9:299:15 | workDir | delete here | Test.java:301:16:301:22 | workDir | here |
+| Test.java:316:9:316:15 | workDir | Test.java:312:30:312:65 | getProperty(...) : String | Test.java:316:9:316:15 | workDir | Local temporary directory hijacking race condition between $@ and this directory creation call. As such, the directory usage $@ may have been hijacked by another local user. | Test.java:315:23:315:29 | workDir | delete here | Test.java:317:16:317:22 | workDir | here |