diff --git a/python/ql/lib/semmle/python/security/dataflow/CleartextLogging.qll b/python/ql/lib/semmle/python/security/dataflow/CleartextLoggingQuery.qll similarity index 89% rename from python/ql/lib/semmle/python/security/dataflow/CleartextLogging.qll rename to python/ql/lib/semmle/python/security/dataflow/CleartextLoggingQuery.qll index c6aeede798c..6f276bf0f1e 100644 --- a/python/ql/lib/semmle/python/security/dataflow/CleartextLogging.qll +++ b/python/ql/lib/semmle/python/security/dataflow/CleartextLoggingQuery.qll @@ -14,10 +14,7 @@ private import semmle.python.dataflow.new.RemoteFlowSources private import semmle.python.dataflow.new.BarrierGuards private import semmle.python.dataflow.new.SensitiveDataSources -/** - * Provides a taint-tracking configuration for detecting "Clear-text logging of sensitive information". - */ -module CleartextLogging { + import CleartextLoggingCustomizations::CleartextLogging /** @@ -36,4 +33,3 @@ module CleartextLogging { node instanceof Sanitizer } } -} diff --git a/python/ql/lib/semmle/python/security/dataflow/CleartextStorage.qll b/python/ql/lib/semmle/python/security/dataflow/CleartextStorageQuery.qll similarity index 89% rename from python/ql/lib/semmle/python/security/dataflow/CleartextStorage.qll rename to python/ql/lib/semmle/python/security/dataflow/CleartextStorageQuery.qll index 51134f403df..290dcf43e15 100644 --- a/python/ql/lib/semmle/python/security/dataflow/CleartextStorage.qll +++ b/python/ql/lib/semmle/python/security/dataflow/CleartextStorageQuery.qll @@ -14,10 +14,6 @@ private import semmle.python.dataflow.new.RemoteFlowSources private import semmle.python.dataflow.new.BarrierGuards private import semmle.python.dataflow.new.SensitiveDataSources -/** - * Provides a taint-tracking configuration for detecting "Clear-text storage of sensitive information". - */ -module CleartextStorage { import CleartextStorageCustomizations::CleartextStorage /** @@ -36,4 +32,3 @@ module CleartextStorage { node instanceof Sanitizer } } -} diff --git a/python/ql/lib/semmle/python/security/dataflow/CodeInjection.qll b/python/ql/lib/semmle/python/security/dataflow/CodeInjectionQuery.qll similarity index 91% rename from python/ql/lib/semmle/python/security/dataflow/CodeInjection.qll rename to python/ql/lib/semmle/python/security/dataflow/CodeInjectionQuery.qll index edf789caec3..178d68ae0fc 100644 --- a/python/ql/lib/semmle/python/security/dataflow/CodeInjection.qll +++ b/python/ql/lib/semmle/python/security/dataflow/CodeInjectionQuery.qll @@ -10,10 +10,6 @@ private import python import semmle.python.dataflow.new.DataFlow import semmle.python.dataflow.new.TaintTracking -/** - * Provides a taint-tracking configuration for detecting "code injection" vulnerabilities. - */ -module CodeInjection { import CodeInjectionCustomizations::CodeInjection /** @@ -32,7 +28,6 @@ module CodeInjection { guard instanceof SanitizerGuard } } -} /** * DEPRECATED: Don't extend this class for customization, since this will lead to bad diff --git a/python/ql/lib/semmle/python/security/dataflow/CommandInjection.qll b/python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll similarity index 91% rename from python/ql/lib/semmle/python/security/dataflow/CommandInjection.qll rename to python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll index 211c73bd006..d58a3f36628 100644 --- a/python/ql/lib/semmle/python/security/dataflow/CommandInjection.qll +++ b/python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll @@ -10,10 +10,6 @@ private import python import semmle.python.dataflow.new.DataFlow import semmle.python.dataflow.new.TaintTracking -/** - * Provides a taint-tracking configuration for detecting "command injection" vulnerabilities. - */ -module CommandInjection { import CommandInjectionCustomizations::CommandInjection /** @@ -32,7 +28,6 @@ module CommandInjection { guard instanceof SanitizerGuard } } -} /** * DEPRECATED: Don't extend this class for customization, since this will lead to bad diff --git a/python/ql/lib/semmle/python/security/dataflow/LdapInjection.qll b/python/ql/lib/semmle/python/security/dataflow/LdapInjectionQuery.qll similarity index 84% rename from python/ql/lib/semmle/python/security/dataflow/LdapInjection.qll rename to python/ql/lib/semmle/python/security/dataflow/LdapInjectionQuery.qll index f4e78056004..ebd0c668406 100644 --- a/python/ql/lib/semmle/python/security/dataflow/LdapInjection.qll +++ b/python/ql/lib/semmle/python/security/dataflow/LdapInjectionQuery.qll @@ -12,14 +12,6 @@ import semmle.python.dataflow.new.DataFlow import semmle.python.dataflow.new.TaintTracking import semmle.python.dataflow.new.RemoteFlowSources -/** - * Provides aint-tracking configurations for detecting LDAP injection vulnerabilities.class - * - * Two configurations are provided. One is for detecting LDAP injection - * via the distinguished name (DN). The other is for detecting LDAP injection - * via the filter. These require different escapings. - */ -module LdapInjection { import LdapInjectionCustomizations::LdapInjection /** @@ -57,4 +49,3 @@ module LdapInjection { guard instanceof FilterSanitizerGuard } } -} diff --git a/python/ql/lib/semmle/python/security/dataflow/LogInjection.qll b/python/ql/lib/semmle/python/security/dataflow/LogInjectionQuery.qll similarity index 88% rename from python/ql/lib/semmle/python/security/dataflow/LogInjection.qll rename to python/ql/lib/semmle/python/security/dataflow/LogInjectionQuery.qll index 1e9d0b7a99f..eed0cec174d 100644 --- a/python/ql/lib/semmle/python/security/dataflow/LogInjection.qll +++ b/python/ql/lib/semmle/python/security/dataflow/LogInjectionQuery.qll @@ -10,10 +10,6 @@ import python import semmle.python.dataflow.new.DataFlow import semmle.python.dataflow.new.TaintTracking -/** - * Provides a taint-tracking configuration for tracking untrusted user input used in log entries. - */ -module LogInjection { import LogInjectionCustomizations::LogInjection /** @@ -32,4 +28,3 @@ module LogInjection { guard instanceof SanitizerGuard } } -} diff --git a/python/ql/lib/semmle/python/security/dataflow/PathInjection.qll b/python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll similarity index 98% rename from python/ql/lib/semmle/python/security/dataflow/PathInjection.qll rename to python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll index be6a37bbc23..ee812a2b59f 100644 --- a/python/ql/lib/semmle/python/security/dataflow/PathInjection.qll +++ b/python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll @@ -11,10 +11,6 @@ private import semmle.python.Concepts import semmle.python.dataflow.new.DataFlow import semmle.python.dataflow.new.TaintTracking -/** - * Provides a taint-tracking configuration for detecting "path injection" vulnerabilities. - */ -module PathInjection { import PathInjectionCustomizations::PathInjection /** @@ -79,7 +75,7 @@ module PathInjection { class NormalizedUnchecked extends DataFlow::FlowState { NormalizedUnchecked() { this = "NormalizedUnchecked" } } -} + // --------------------------------------------------------------------------- // Old, deprecated code diff --git a/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoS.qll b/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSQuery.qll similarity index 86% rename from python/ql/lib/semmle/python/security/dataflow/PolynomialReDoS.qll rename to python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSQuery.qll index 3ee1cab64bb..f3d99173b1c 100644 --- a/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoS.qll +++ b/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSQuery.qll @@ -10,10 +10,6 @@ private import python import semmle.python.dataflow.new.DataFlow import semmle.python.dataflow.new.TaintTracking -/** - * Provides a taint-tracking configuration for detecting "polynomial regular expression denial of service (ReDoS)" vulnerabilities. - */ -module PolynomialReDoS { import PolynomialReDoSCustomizations::PolynomialReDoS /** @@ -32,4 +28,3 @@ module PolynomialReDoS { guard instanceof SanitizerGuard } } -} diff --git a/python/ql/lib/semmle/python/security/dataflow/ReflectedXSS.qll b/python/ql/lib/semmle/python/security/dataflow/ReflectedXSSQuery.qll similarity index 90% rename from python/ql/lib/semmle/python/security/dataflow/ReflectedXSS.qll rename to python/ql/lib/semmle/python/security/dataflow/ReflectedXSSQuery.qll index 2d6624493e8..14706a5fff5 100644 --- a/python/ql/lib/semmle/python/security/dataflow/ReflectedXSS.qll +++ b/python/ql/lib/semmle/python/security/dataflow/ReflectedXSSQuery.qll @@ -10,10 +10,6 @@ private import python import semmle.python.dataflow.new.DataFlow import semmle.python.dataflow.new.TaintTracking -/** - * Provides a taint-tracking configuration for detecting "reflected server-side cross-site scripting" vulnerabilities. - */ -module ReflectedXss { import ReflectedXSSCustomizations::ReflectedXss /** @@ -32,7 +28,6 @@ module ReflectedXss { guard instanceof SanitizerGuard } } -} /** DEPRECATED: Alias for ReflectedXss */ deprecated module ReflectedXSS = ReflectedXss; diff --git a/python/ql/lib/semmle/python/security/dataflow/RegexInjection.qll b/python/ql/lib/semmle/python/security/dataflow/RegexInjectionQuery.qll similarity index 88% rename from python/ql/lib/semmle/python/security/dataflow/RegexInjection.qll rename to python/ql/lib/semmle/python/security/dataflow/RegexInjectionQuery.qll index 80601bd638f..dbed0ac9776 100644 --- a/python/ql/lib/semmle/python/security/dataflow/RegexInjection.qll +++ b/python/ql/lib/semmle/python/security/dataflow/RegexInjectionQuery.qll @@ -11,11 +11,6 @@ private import python import semmle.python.dataflow.new.DataFlow import semmle.python.dataflow.new.TaintTracking -/** - * Provides a taint-tracking configuration for detecting regular expression injection - * vulnerabilities. - */ -module RegexInjection { import RegexInjectionCustomizations::RegexInjection /** @@ -34,4 +29,3 @@ module RegexInjection { guard instanceof SanitizerGuard } } -} diff --git a/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgery.qll b/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll similarity index 57% rename from python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgery.qll rename to python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll index ba19be68713..5b62f64391f 100644 --- a/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgery.qll +++ b/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll @@ -11,23 +11,19 @@ import semmle.python.dataflow.new.DataFlow import semmle.python.dataflow.new.TaintTracking import semmle.python.Concepts -/** - * Provides a taint-tracking configuration for detecting "Server-side request forgery" vulnerabilities. - * - * This configuration has a sanitizer to limit results to cases where attacker has full control of URL. - * See `PartialServerSideRequestForgery` for a variant without this requirement. - * - * You should use the `partOfFullyControlledRequest` to only select results where all - * URL parts are fully controlled. - */ -module FullServerSideRequestForgery { - import ServerSideRequestForgeryCustomizations::ServerSideRequestForgery +import ServerSideRequestForgeryCustomizations::ServerSideRequestForgery /** * A taint-tracking configuration for detecting "Server-side request forgery" vulnerabilities. + * + * This configuration has a sanitizer to limit results to cases where attacker has full control of URL. + * See `PartialServerSideRequestForgery` for a variant without this requirement. + * + * You should use the `fullyControlledRequest` to only select results where all + * URL parts are fully controlled. */ - class Configuration extends TaintTracking::Configuration { - Configuration() { this = "FullServerSideRequestForgery" } + class FullServerSideRequestForgeryConfiguration extends TaintTracking::Configuration { + FullServerSideRequestForgeryConfiguration() { this = "FullServerSideRequestForgery" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -43,33 +39,26 @@ module FullServerSideRequestForgery { guard instanceof SanitizerGuard } } -} /** * Holds if all URL parts of `request` is fully user controlled. */ predicate fullyControlledRequest(HTTP::Client::Request request) { - exists(FullServerSideRequestForgery::Configuration fullConfig | + exists(FullServerSideRequestForgeryConfiguration fullConfig | forall(DataFlow::Node urlPart | urlPart = request.getAUrlPart() | fullConfig.hasFlow(_, urlPart) ) ) } -/** - * Provides a taint-tracking configuration for detecting "Server-side request forgery" vulnerabilities. - * - * This configuration has results, even when the attacker does not have full control over the URL. - * See `FullServerSideRequestForgery` for variant that has this requirement. - */ -module PartialServerSideRequestForgery { - import ServerSideRequestForgeryCustomizations::ServerSideRequestForgery - /** * A taint-tracking configuration for detecting "Server-side request forgery" vulnerabilities. + * + * This configuration has results, even when the attacker does not have full control over the URL. + * See `FullServerSideRequestForgeryConfiguration`, and the `fullyControlledRequest` predicate. */ - class Configuration extends TaintTracking::Configuration { - Configuration() { this = "PartialServerSideRequestForgery" } + class PartialServerSideRequestForgeryConfiguration extends TaintTracking::Configuration { + PartialServerSideRequestForgeryConfiguration() { this = "PartialServerSideRequestForgery" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -81,4 +70,3 @@ module PartialServerSideRequestForgery { guard instanceof SanitizerGuard } } -} diff --git a/python/ql/lib/semmle/python/security/dataflow/SqlInjection.qll b/python/ql/lib/semmle/python/security/dataflow/SqlInjectionQuery.qll similarity index 92% rename from python/ql/lib/semmle/python/security/dataflow/SqlInjection.qll rename to python/ql/lib/semmle/python/security/dataflow/SqlInjectionQuery.qll index 9f7cd02413b..f21cf752971 100644 --- a/python/ql/lib/semmle/python/security/dataflow/SqlInjection.qll +++ b/python/ql/lib/semmle/python/security/dataflow/SqlInjectionQuery.qll @@ -10,10 +10,6 @@ private import python import semmle.python.dataflow.new.DataFlow import semmle.python.dataflow.new.TaintTracking -/** - * Provides a taint-tracking configuration for detecting "SQL injection" vulnerabilities. - */ -module SqlInjection { import SqlInjectionCustomizations::SqlInjection /** @@ -32,7 +28,6 @@ module SqlInjection { guard instanceof SanitizerGuard } } -} /** * DEPRECATED: Don't extend this class for customization, since this will lead to bad diff --git a/python/ql/lib/semmle/python/security/dataflow/StackTraceExposure.qll b/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureQuery.qll similarity index 92% rename from python/ql/lib/semmle/python/security/dataflow/StackTraceExposure.qll rename to python/ql/lib/semmle/python/security/dataflow/StackTraceExposureQuery.qll index 5d0cb512630..4089a8fc170 100644 --- a/python/ql/lib/semmle/python/security/dataflow/StackTraceExposure.qll +++ b/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureQuery.qll @@ -10,10 +10,6 @@ private import python import semmle.python.dataflow.new.DataFlow import semmle.python.dataflow.new.TaintTracking -/** - * Provides a taint-tracking configuration for detecting "stack trace exposure" vulnerabilities. - */ -module StackTraceExposure { import StackTraceExposureCustomizations::StackTraceExposure /** @@ -41,7 +37,6 @@ module StackTraceExposure { ) } } -} /** * DEPRECATED: Don't extend this class for customization, since this will lead to bad diff --git a/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserialization.qll b/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationQuery.qll similarity index 90% rename from python/ql/lib/semmle/python/security/dataflow/UnsafeDeserialization.qll rename to python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationQuery.qll index 6a0b5b444e9..ba86b98e0e7 100644 --- a/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserialization.qll +++ b/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationQuery.qll @@ -10,10 +10,6 @@ private import python import semmle.python.dataflow.new.DataFlow import semmle.python.dataflow.new.TaintTracking -/** - * Provides a taint-tracking configuration for detecting "code execution from deserialization" vulnerabilities. - */ -module UnsafeDeserialization { import UnsafeDeserializationCustomizations::UnsafeDeserialization /** @@ -32,7 +28,6 @@ module UnsafeDeserialization { guard instanceof SanitizerGuard } } -} /** * DEPRECATED: Don't extend this class for customization, since this will lead to bad diff --git a/python/ql/lib/semmle/python/security/dataflow/UrlRedirect.qll b/python/ql/lib/semmle/python/security/dataflow/UrlRedirectQuery.qll similarity index 91% rename from python/ql/lib/semmle/python/security/dataflow/UrlRedirect.qll rename to python/ql/lib/semmle/python/security/dataflow/UrlRedirectQuery.qll index 973e98e2471..23b6ed0850f 100644 --- a/python/ql/lib/semmle/python/security/dataflow/UrlRedirect.qll +++ b/python/ql/lib/semmle/python/security/dataflow/UrlRedirectQuery.qll @@ -10,10 +10,6 @@ private import python import semmle.python.dataflow.new.DataFlow import semmle.python.dataflow.new.TaintTracking -/** - * Provides a taint-tracking configuration for detecting "URL redirection" vulnerabilities. - */ -module UrlRedirect { import UrlRedirectCustomizations::UrlRedirect /** @@ -32,7 +28,6 @@ module UrlRedirect { guard instanceof SanitizerGuard } } -} /** * DEPRECATED: Don't extend this class for customization, since this will lead to bad diff --git a/python/ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashing.qll b/python/ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll similarity index 100% rename from python/ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashing.qll rename to python/ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll diff --git a/python/ql/lib/semmle/python/security/dataflow/XpathInjection.qll b/python/ql/lib/semmle/python/security/dataflow/XpathInjectionQuery.qll similarity index 89% rename from python/ql/lib/semmle/python/security/dataflow/XpathInjection.qll rename to python/ql/lib/semmle/python/security/dataflow/XpathInjectionQuery.qll index e0a0815666a..aeb03485740 100644 --- a/python/ql/lib/semmle/python/security/dataflow/XpathInjection.qll +++ b/python/ql/lib/semmle/python/security/dataflow/XpathInjectionQuery.qll @@ -10,10 +10,6 @@ private import python import semmle.python.dataflow.new.DataFlow import semmle.python.dataflow.new.TaintTracking -/** - * Provides a taint-tracking configuration for detecting "Xpath Injection" vulnerabilities. - */ -module XpathInjection { import XpathInjectionCustomizations::XpathInjection /** @@ -32,4 +28,3 @@ module XpathInjection { guard instanceof SanitizerGuard } } -}