C++: Move ExternalAPI files into query directory to prevent out-of-tree use.

2026-04-29 10:45:15 +02:00 · 2020-11-18 09:28:50 +01:00
parent f16591dffc
commit 09c5caa3bd
11 changed files with 12 additions and 10 deletions
--- a/cpp/ql/src/Security/CWE/CWE-020/CountUntrustedDataToExternalAPI.ql
+++ b/cpp/ql/src/Security/CWE/CWE-020/CountUntrustedDataToExternalAPI.ql
@@ -9,7 +9,7 @@
 */

 import cpp
-import semmle.code.cpp.security.ExternalAPIs
+import ExternalAPIs

 from ExternalAPIUsedWithUntrustedData externalAPI
 select externalAPI, count(externalAPI.getUntrustedDataNode()) as numberOfUses,
--- a/cpp/ql/src/semmle/code/cpp/security/ExternalAPIs.qll
+++ b/cpp/ql/src/semmle/code/cpp/security/ExternalAPIs.qll
@@ -6,7 +6,7 @@
 private import cpp
 private import semmle.code.cpp.models.interfaces.DataFlow
 private import semmle.code.cpp.models.interfaces.Taint
-import implementation.ExternalAPIsSpecific
+import ExternalAPIsSpecific

 /** A node representing untrusted data being passed to an external API. */
 class UntrustedExternalAPIDataNode extends ExternalAPIDataNode {
--- a/cpp/ql/src/semmle/code/cpp/security/implementation/ExternalAPIsSpecific.qll
+++ b/cpp/ql/src/semmle/code/cpp/security/implementation/ExternalAPIsSpecific.qll
--- a/cpp/ql/src/Security/CWE/CWE-020/IRCountUntrustedDataToExternalAPI.ql
+++ b/cpp/ql/src/Security/CWE/CWE-020/IRCountUntrustedDataToExternalAPI.ql
@@ -9,7 +9,7 @@
 */

 import cpp
-import semmle.code.cpp.security.ir.ExternalAPIs
+import ir.ExternalAPIs

 from ExternalAPIUsedWithUntrustedData externalAPI
 select externalAPI, count(externalAPI.getUntrustedDataNode()) as numberOfUses,
--- a/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql
+++ b/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql
@@ -10,7 +10,7 @@

 import cpp
 import semmle.code.cpp.ir.dataflow.TaintTracking
-import semmle.code.cpp.security.ir.ExternalAPIs
+import ir.ExternalAPIs
 import semmle.code.cpp.security.FlowSources
 import DataFlow::PathGraph

--- a/cpp/ql/src/semmle/code/cpp/security/implementation/SafeExternalAPIFunction.qll
+++ b/cpp/ql/src/semmle/code/cpp/security/implementation/SafeExternalAPIFunction.qll
@@ -3,6 +3,7 @@
 */

 private import cpp
+private import semmle.code.cpp.models.implementations.Pure

 /**
 * A `Function` that is considered a "safe" external API from a security perspective.
--- a/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql
+++ b/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql
@@ -10,7 +10,7 @@

 import cpp
 import semmle.code.cpp.dataflow.TaintTracking
-import semmle.code.cpp.security.ExternalAPIs
+import ExternalAPIs
 import DataFlow::PathGraph

 from UntrustedDataToExternalAPIConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
--- a/cpp/ql/src/semmle/code/cpp/security/ir/ExternalAPIs.qll
+++ b/cpp/ql/src/semmle/code/cpp/security/ir/ExternalAPIs.qll
@@ -6,7 +6,7 @@
 private import cpp
 private import semmle.code.cpp.models.interfaces.DataFlow
 private import semmle.code.cpp.models.interfaces.Taint
-import implementation.ExternalAPIsSpecific
+import ExternalAPIsSpecific

 /** A node representing untrusted data being passed to an external API. */
 class UntrustedExternalAPIDataNode extends ExternalAPIDataNode {
--- a/cpp/ql/src/semmle/code/cpp/security/ir/implementation/ExternalAPIsSpecific.qll
+++ b/cpp/ql/src/semmle/code/cpp/security/ir/implementation/ExternalAPIsSpecific.qll
--- a/cpp/ql/src/semmle/code/cpp/security/ir/implementation/SafeExternalAPIFunction.qll
+++ b/cpp/ql/src/semmle/code/cpp/security/ir/implementation/SafeExternalAPIFunction.qll
@@ -3,6 +3,7 @@
 */

 private import cpp
+private import semmle.code.cpp.models.implementations.Pure

 /**
 * A `Function` that is considered a "safe" external API from a security perspective.