Commit 0c0fbc1

Fixed sensitive logging barriers for substring to allow single-arg use
1 parent fa703e3 commit 0c0fbc1

1 file changed: +8 -2 lines changed

java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll

Lines changed: 8 additions & 2 deletions
@@ -61,13 +61,19 @@ private class SensitiveLoggerSanitizerCalled extends SensitiveLoggerBarrier {
6161
m.hasQualifiedName("java.lang", "StringBuffer", "substring") or
6262
m.hasQualifiedName("java.lang", "StringBuilder", "substring")
6363
) and
64-
twoArgLimit(mc, limit, false) and
64+
(
65+
twoArgLimit(mc, limit, false) or
66+
singleArgLimit(mc, limit, false)
67+
) and
6568
this.asExpr() = mc.getQualifier()
6669
or
6770
// Kotlin string operations, which use extension methods (so the string is the first argument)
6871
(
6972
m.hasQualifiedName("kotlin.text", "StringsKt", "substring") and
70-
twoArgLimit(mc, limit, true)
73+
(
74+
twoArgLimit(mc, limit, true) or
75+
singleArgLimit(mc, limit, true)
76+
)
7177
or
7278
m.hasQualifiedName("kotlin.text", "StringsKt", ["take", "takeLast"]) and
7379
singleArgLimit(mc, limit, true)
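
Review bot: the new `singleArgLimit(mc, limit, false)` and `singleArgLimit(mc, limit, true)` disjuncts on the two `substring` branches reuse the predicate that the `take`/`takeLast` branch relies on, but the single argument means something different there. For `take(n)` and `takeLast(n)` the argument is the number of characters kept, while for one-argument `substring` it is the start index and the result runs to the end of the string, so a small argument keeps most of the sensitive value. The definition of `singleArgLimit` is not visible in this hunk; please confirm that its comparison against `limit` is the right one for a start index, or give one-argument `substring` its own predicate. A short QLDoc comment on the Java branch stating what the one-argument form is expected to bound would help, as the Kotlin branch already has an explanatory comment. The same `twoArgLimit(...) or singleArgLimit(...)` disjunction now appears twice and could be factored into one helper, and a test case with one-argument `substring` on a sensitive value in both Java and Kotlin would pin the intended behaviour.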
