Python: Adopt Query.qll suffix for dataflow config defs

This commit in itself makes everything break, but should make it easy to follow the overall changes being made.
2026-04-30 19:26:02 +02:00 · 2022-03-21 13:25:13 +01:00
parent d31ef371ec
commit 1bf8fa6a3b
17 changed files with 17 additions and 107 deletions
--- a/python/ql/lib/semmle/python/security/dataflow/CleartextLoggingQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/CleartextLoggingQuery.qll
@@ -14,10 +14,7 @@ private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.dataflow.new.BarrierGuards
 private import semmle.python.dataflow.new.SensitiveDataSources

-/**
- * Provides a taint-tracking configuration for detecting "Clear-text logging of sensitive information".
- */
-module CleartextLogging {
+
  import CleartextLoggingCustomizations::CleartextLogging

  /**
@@ -36,4 +33,3 @@ module CleartextLogging {
      node instanceof Sanitizer
    }
  }
-}
--- a/python/ql/lib/semmle/python/security/dataflow/CleartextStorageQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/CleartextStorageQuery.qll
@@ -14,10 +14,6 @@ private import semmle.python.dataflow.new.RemoteFlowSources
 private import semmle.python.dataflow.new.BarrierGuards
 private import semmle.python.dataflow.new.SensitiveDataSources

-/**
- * Provides a taint-tracking configuration for detecting "Clear-text storage of sensitive information".
- */
-module CleartextStorage {
  import CleartextStorageCustomizations::CleartextStorage

  /**
@@ -36,4 +32,3 @@ module CleartextStorage {
      node instanceof Sanitizer
    }
  }
-}
--- a/python/ql/lib/semmle/python/security/dataflow/CodeInjectionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/CodeInjectionQuery.qll
@@ -10,10 +10,6 @@ private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking

-/**
- * Provides a taint-tracking configuration for detecting "code injection" vulnerabilities.
- */
-module CodeInjection {
  import CodeInjectionCustomizations::CodeInjection

  /**
@@ -32,7 +28,6 @@ module CodeInjection {
      guard instanceof SanitizerGuard
    }
  }
-}

 /**
 * DEPRECATED: Don't extend this class for customization, since this will lead to bad
--- a/python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/CommandInjectionQuery.qll
@@ -10,10 +10,6 @@ private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking

-/**
- * Provides a taint-tracking configuration for detecting "command injection" vulnerabilities.
- */
-module CommandInjection {
  import CommandInjectionCustomizations::CommandInjection

  /**
@@ -32,7 +28,6 @@ module CommandInjection {
      guard instanceof SanitizerGuard
    }
  }
-}

 /**
 * DEPRECATED: Don't extend this class for customization, since this will lead to bad
--- a/python/ql/lib/semmle/python/security/dataflow/LdapInjectionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/LdapInjectionQuery.qll
@@ -12,14 +12,6 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import semmle.python.dataflow.new.RemoteFlowSources

-/**
- * Provides aint-tracking configurations for detecting LDAP injection vulnerabilities.class
- *
- * Two configurations are provided. One is for detecting LDAP injection
- * via the distinguished name (DN). The other is for detecting LDAP injection
- * via the filter. These require different escapings.
- */
-module LdapInjection {
  import LdapInjectionCustomizations::LdapInjection

  /**
@@ -57,4 +49,3 @@ module LdapInjection {
      guard instanceof FilterSanitizerGuard
    }
  }
-}
--- a/python/ql/lib/semmle/python/security/dataflow/LogInjectionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/LogInjectionQuery.qll
@@ -10,10 +10,6 @@ import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking

-/**
- * Provides a taint-tracking configuration for tracking untrusted user input used in log entries.
- */
-module LogInjection {
  import LogInjectionCustomizations::LogInjection

  /**
@@ -32,4 +28,3 @@ module LogInjection {
      guard instanceof SanitizerGuard
    }
  }
-}
--- a/python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/PathInjectionQuery.qll
@@ -11,10 +11,6 @@ private import semmle.python.Concepts
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking

-/**
- * Provides a taint-tracking configuration for detecting "path injection" vulnerabilities.
- */
-module PathInjection {
  import PathInjectionCustomizations::PathInjection

  /**
@@ -79,7 +75,7 @@ module PathInjection {
  class NormalizedUnchecked extends DataFlow::FlowState {
    NormalizedUnchecked() { this = "NormalizedUnchecked" }
  }
-}
+

 // ---------------------------------------------------------------------------
 // Old, deprecated code
--- a/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/PolynomialReDoSQuery.qll
@@ -10,10 +10,6 @@ private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking

-/**
- * Provides a taint-tracking configuration for detecting "polynomial regular expression denial of service (ReDoS)" vulnerabilities.
- */
-module PolynomialReDoS {
  import PolynomialReDoSCustomizations::PolynomialReDoS

  /**
@@ -32,4 +28,3 @@ module PolynomialReDoS {
      guard instanceof SanitizerGuard
    }
  }
-}
--- a/python/ql/lib/semmle/python/security/dataflow/ReflectedXSSQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/ReflectedXSSQuery.qll
@@ -10,10 +10,6 @@ private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking

-/**
- * Provides a taint-tracking configuration for detecting "reflected server-side cross-site scripting" vulnerabilities.
- */
-module ReflectedXss {
  import ReflectedXSSCustomizations::ReflectedXss

  /**
@@ -32,7 +28,6 @@ module ReflectedXss {
      guard instanceof SanitizerGuard
    }
  }
-}

 /** DEPRECATED: Alias for ReflectedXss */
 deprecated module ReflectedXSS = ReflectedXss;
--- a/python/ql/lib/semmle/python/security/dataflow/RegexInjectionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/RegexInjectionQuery.qll
@@ -11,11 +11,6 @@ private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking

-/**
- * Provides a taint-tracking configuration for detecting regular expression injection
- * vulnerabilities.
- */
-module RegexInjection {
  import RegexInjectionCustomizations::RegexInjection

  /**
@@ -34,4 +29,3 @@ module RegexInjection {
      guard instanceof SanitizerGuard
    }
  }
-}
--- a/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll
@@ -11,23 +11,19 @@ import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking
 import semmle.python.Concepts

-/**
- * Provides a taint-tracking configuration for detecting "Server-side request forgery" vulnerabilities.
- *
- * This configuration has a sanitizer to limit results to cases where attacker has full control of URL.
- * See `PartialServerSideRequestForgery` for a variant without this requirement.
- *
- * You should use the `partOfFullyControlledRequest` to only select results where all
- * URL parts are fully controlled.
- */
-module FullServerSideRequestForgery {
-  import ServerSideRequestForgeryCustomizations::ServerSideRequestForgery
+import ServerSideRequestForgeryCustomizations::ServerSideRequestForgery

  /**
   * A taint-tracking configuration for detecting "Server-side request forgery" vulnerabilities.
+   *
+   * This configuration has a sanitizer to limit results to cases where attacker has full control of URL.
+   * See `PartialServerSideRequestForgery` for a variant without this requirement.
+   *
+   * You should use the `fullyControlledRequest` to only select results where all
+   * URL parts are fully controlled.
   */
-  class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "FullServerSideRequestForgery" }
+  class FullServerSideRequestForgeryConfiguration extends TaintTracking::Configuration {
+    FullServerSideRequestForgeryConfiguration() { this = "FullServerSideRequestForgery" }

    override predicate isSource(DataFlow::Node source) { source instanceof Source }

@@ -43,33 +39,26 @@ module FullServerSideRequestForgery {
      guard instanceof SanitizerGuard
    }
  }
-}

 /**
 * Holds if all URL parts of `request` is fully user controlled.
 */
 predicate fullyControlledRequest(HTTP::Client::Request request) {
-  exists(FullServerSideRequestForgery::Configuration fullConfig |
+  exists(FullServerSideRequestForgeryConfiguration fullConfig |
    forall(DataFlow::Node urlPart | urlPart = request.getAUrlPart() |
      fullConfig.hasFlow(_, urlPart)
    )
  )
 }

-/**
- * Provides a taint-tracking configuration for detecting "Server-side request forgery" vulnerabilities.
- *
- * This configuration has results, even when the attacker does not have full control over the URL.
- * See `FullServerSideRequestForgery` for variant that has this requirement.
- */
-module PartialServerSideRequestForgery {
-  import ServerSideRequestForgeryCustomizations::ServerSideRequestForgery
-
  /**
   * A taint-tracking configuration for detecting "Server-side request forgery" vulnerabilities.
+   *
+   * This configuration has results, even when the attacker does not have full control over the URL.
+   * See `FullServerSideRequestForgeryConfiguration`, and the `fullyControlledRequest` predicate.
   */
-  class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "PartialServerSideRequestForgery" }
+  class PartialServerSideRequestForgeryConfiguration extends TaintTracking::Configuration {
+    PartialServerSideRequestForgeryConfiguration() { this = "PartialServerSideRequestForgery" }

    override predicate isSource(DataFlow::Node source) { source instanceof Source }

@@ -81,4 +70,3 @@ module PartialServerSideRequestForgery {
      guard instanceof SanitizerGuard
    }
  }
-}
--- a/python/ql/lib/semmle/python/security/dataflow/SqlInjectionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/SqlInjectionQuery.qll
@@ -10,10 +10,6 @@ private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking

-/**
- * Provides a taint-tracking configuration for detecting "SQL injection" vulnerabilities.
- */
-module SqlInjection {
  import SqlInjectionCustomizations::SqlInjection

  /**
@@ -32,7 +28,6 @@ module SqlInjection {
      guard instanceof SanitizerGuard
    }
  }
-}

 /**
 * DEPRECATED: Don't extend this class for customization, since this will lead to bad
--- a/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/StackTraceExposureQuery.qll
@@ -10,10 +10,6 @@ private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking

-/**
- * Provides a taint-tracking configuration for detecting "stack trace exposure" vulnerabilities.
- */
-module StackTraceExposure {
  import StackTraceExposureCustomizations::StackTraceExposure

  /**
@@ -41,7 +37,6 @@ module StackTraceExposure {
      )
    }
  }
-}

 /**
 * DEPRECATED: Don't extend this class for customization, since this will lead to bad
--- a/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/UnsafeDeserializationQuery.qll
@@ -10,10 +10,6 @@ private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking

-/**
- * Provides a taint-tracking configuration for detecting "code execution from deserialization" vulnerabilities.
- */
-module UnsafeDeserialization {
  import UnsafeDeserializationCustomizations::UnsafeDeserialization

  /**
@@ -32,7 +28,6 @@ module UnsafeDeserialization {
      guard instanceof SanitizerGuard
    }
  }
-}

 /**
 * DEPRECATED: Don't extend this class for customization, since this will lead to bad
--- a/python/ql/lib/semmle/python/security/dataflow/UrlRedirectQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/UrlRedirectQuery.qll
@@ -10,10 +10,6 @@ private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking

-/**
- * Provides a taint-tracking configuration for detecting "URL redirection" vulnerabilities.
- */
-module UrlRedirect {
  import UrlRedirectCustomizations::UrlRedirect

  /**
@@ -32,7 +28,6 @@ module UrlRedirect {
      guard instanceof SanitizerGuard
    }
  }
-}

 /**
 * DEPRECATED: Don't extend this class for customization, since this will lead to bad
--- a/python/ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/WeakSensitiveDataHashingQuery.qll
--- a/python/ql/lib/semmle/python/security/dataflow/XpathInjectionQuery.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/XpathInjectionQuery.qll
@@ -10,10 +10,6 @@ private import python
 import semmle.python.dataflow.new.DataFlow
 import semmle.python.dataflow.new.TaintTracking

-/**
- * Provides a taint-tracking configuration for detecting "Xpath Injection" vulnerabilities.
- */
-module XpathInjection {
  import XpathInjectionCustomizations::XpathInjection

  /**
@@ -32,4 +28,3 @@ module XpathInjection {
      guard instanceof SanitizerGuard
    }
  }
-}