
Missing connecting flows between property of Object to consumption of Object

Open pandurangpatil opened this issue 3 years ago • 0 comments

We were trying to identify sources and sinks for one sample use case that I have created. Please find the attached zip file with the source code. I created a sample which is a common use case, where the REST APIs are created to take an input payload in the form of a DTO object, which is then transformed into a Hibernate entity object to store inside the DB. Instead of integrating with a DB, I just tried to do "println" with the object, which is a kind of simulation of a real-world scenario. With this example, I intend to identify sources with PII data fields and sinks (println). However, I couldn't get to the precise queries that I have to use to identify the flows between source and sinks.

In this example, if I define the source with "Identifier" as "user" and the sink as "println", I am able to get the connecting flows between the "user" variable and the "println" statement (it is inside the saveUser method). However, it is not the "user" variable that is the source. In this example the source is "firstname" or "lastname" or "email" or "phone", which is being passed with the "signup" object parameter. Here I am struggling to connect the dots from source to sink. It will be really great if you could throw some light on how we should approach handling this use case.

```java
// SignupDto, User and Stub are defined in the attached sample.zip;
// Stub.saveUser(user) is where the println sink lives.
public class X42 {
  public void saveUserAPI(SignupDto signup) {
    // Copy the PII fields from the incoming DTO into the entity object.
    User user = new User();
    user.setFirstName(signup.getFirstName());
    user.setLastName(signup.getLastName());
    user.setEmail(signup.getEmail());
    user.setPhone(signup.getPhone());
    user.setPassword(signup.getPassword());
    user.setDob(signup.getDob());
    String base = "http://localhost/new";
    Stub s = new Stub(base);
    // The tainted entity is handed to the method that prints it.
    s.saveUser(user);
  }
}
```

cc: @tuxology

sample.zip

joern> version 
res0: String = "1.1.846"

pandurangpatil, Jun 14 '22 06:06
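One way to phrase the field-level source-to-sink query in the Joern console, as an added example that is not part of the issue or of the Joern project itself. It assumes the CPG for the attached sample is already loaded (for example via `importCode`) and that the getter and method names match the snippet above; `piiGetters`, `printlnArgs` and `signupParam` are names chosen here.

```scala
// Added example, not from the issue: Joern console query for the sample above.
// Assumes the CPG is loaded (e.g. importCode("path/to/sample")) and that the
// getters are named getFirstName/getLastName/getEmail/getPhone as in the snippet.

// Sources: the PII getter calls made on the `signup` DTO inside saveUserAPI.
// `.name` takes a regular expression, so one pattern covers all four fields
// without naming the `user` variable as the source.
def piiGetters =
  cpg.method.name("saveUserAPI").ast.isCall
    .name("get(FirstName|LastName|Email|Phone)")

// Sink: whatever is passed to println, wherever that call lives
// (here inside Stub.saveUser, reached interprocedurally via s.saveUser(user)).
def printlnArgs = cpg.call.name("println").argument

// Ask the data-flow engine for paths from any getter to the sink. With Joern's
// default semantics, an argument of a call without a registered semantic
// (user.setFirstName(x)) taints the receiver, so `user` carries the taint into
// saveUser(user) and on to println. `.p` pretty-prints each flow.
printlnArgs.reachableByFlows(piiGetters).p

// Coarser variant: does the `signup` parameter reach println at all?
def signupParam = cpg.method.name("saveUserAPI").parameter.name("signup")
printlnArgs.reachableByFlows(signupParam).p

// If a flow is unexpectedly missing, first confirm how the setters were
// resolved; unresolved or externally-defined methods affect taint propagation.
cpg.call.name("set.*").methodFullName.dedup.l
```

The first query lists one flow per PII field, so each path names the concrete getter (for example `getEmail`) as its source instead of the intermediate `user` variable.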