Simplify Ratpack API using standard abstract classes

2026-05-05 05:35:13 +02:00 · 2021-04-30 17:57:42 -04:00
parent b2e3df29b3
commit 18c74c5030
1 changed files with 2 additions and 14 deletions
--- a/java/ql/src/semmle/code/java/frameworks/ratpack/Ratpack.qll
+++ b/java/ql/src/semmle/code/java/frameworks/ratpack/Ratpack.qll
@@ -91,23 +91,11 @@ class RatpackHeader extends RefType {
  }
 }

-private class RatpackHeaderTaintPropigatingMethod extends Method {
+private class RatpackHeaderTaintPropigatingMethod extends Method, TaintPreservingCallable {
  RatpackHeaderTaintPropigatingMethod() {
    getDeclaringType() instanceof RatpackHeader and
    hasName(["get", "getAll", "getNames", "asMultiValueMap"])
  }
-}

-class TaintPropigatingHeaderMethod extends AdditionalTaintStep {
-  override predicate step(DataFlow::Node node1, DataFlow::Node node2) {
-    stepHeaderPropigatingTaint(node1, node2)
-  }
-
-  private predicate stepHeaderPropigatingTaint(DataFlow::Node node1, DataFlow::Node node2) {
-    exists(MethodAccess ma |
-      ma.getMethod() instanceof RatpackHeaderTaintPropigatingMethod and
-      node2.asExpr() = ma and
-      node1.asExpr() = ma.getQualifier()
-    )
-  }
+  override predicate returnsTaintFrom(int arg) { arg = -1 }
 }