-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Java] - Limiting Flows Based on Patterns #18050
Comments
The predicate URL url = new URL("http://auth.companyportal.com/auth?userId=" + userId + "&token=" + authToken);
... Note: in general it is best to avoid |
Hello @aibaars, Thank you for your response. I agree it is restrictive, and that there are many more ways that that a URL can be constructed with query params. I am using this as a proof of concept and eventually plan to extend the For right now, I am confused as to why this query isn't picking up on the simple example that I am testing. Is it correct to do this in the where clause like I have? Or should it be done differently? For example, I tried switching my query to use Giving me
I haven't ever been able to get tainttracking to work without this error which is why I use the Here is my query using this method for reference
|
That error means the path graph is missing . I think you need to add import TaintedPathFlow::PathGraph |
Hi @aibaars I tried
However, it says that it's not defined, I am using version 2.17 so I am not sure if it was recently added. However, I can't upgrade due to legacy queries. With that said, I almost have it working with Using
This means that indirect uses like this aren't detected
I tried recursively traversing back up the flow path using the Recursive attempt.
Full query without recursion
Thank you, for any help |
No, I think I just remembered it wrong. In one of the versions of the query tt looks like you were missing
|
Hello, I am trying to restrict flows to only include those that have a source flow that is used as a query parameter.
For example, say authToken is a source,
However, my current query is picking up false positives where the source isn't used as a query parameter but somehow reaches the sink. Such as a dummy example like this
To address this I added a
isValidQueryParamFlow
predicate to my query that matches based on".*\\?.*=.*"
however, this causes all of the expected detections to be removed. Even if I remove the regex, or relax the restrictions there still aren't any results. I know the rest of the query is operating as it should since I am getting the expected results without this check. So, I believe it is an issue with how I am performing this filtering.Here is my full query
Any help is appreciated, thank you,
The text was updated successfully, but these errors were encountered: