C#: Make most module imports private.

2026-04-30 03:05:15 +02:00 · 2022-03-24 10:47:22 +01:00
parent ad27a5a1a6
commit 1c7d764d54
6 changed files with 82 additions and 42 deletions
--- a/java/ql/src/utils/model-generator/internal/CaptureModels.qll
+++ b/java/ql/src/utils/model-generator/internal/CaptureModels.qll
@@ -10,7 +10,7 @@ private import ModelGeneratorUtils
 * Gets the summary model of `api`, if it follows the `fluent` programming pattern (returns `this`).
 */
 string captureQualifierFlow(TargetApi api) {
-  exists(ReturnNodeExt ret |
+  exists(DataFlowImplCommon::ReturnNodeExt ret |
    api = returnNodeEnclosingCallable(ret) and
    isOwnInstanceAccessNode(ret)
  ) and
@@ -47,7 +47,7 @@ private class ThroughFlowConfig extends TaintTracking::Configuration {
  }

  override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) {
-    sink instanceof ReturnNodeExt and
+    sink instanceof DataFlowImplCommon::ReturnNodeExt and
    not isOwnInstanceAccessNode(sink) and
    not exists(captureQualifierFlow(sink.asExpr().getEnclosingCallable())) and
    (state instanceof TaintRead or state instanceof TaintStore)
@@ -57,8 +57,8 @@ private class ThroughFlowConfig extends TaintTracking::Configuration {
    DataFlow::Node node1, DataFlow::FlowState state1, DataFlow::Node node2,
    DataFlow::FlowState state2
  ) {
-    exists(TypedContent tc |
-      store(node1, tc, node2, _) and
+    exists(DataFlowImplCommon::TypedContent tc |
+      DataFlowImplCommon::store(node1, tc, node2, _) and
      isRelevantContent(tc.getContent()) and
      (state1 instanceof TaintRead or state1 instanceof TaintStore) and
      state2 instanceof TaintStore
@@ -86,8 +86,8 @@ private class ThroughFlowConfig extends TaintTracking::Configuration {
 */
 string captureThroughFlow(TargetApi api) {
  exists(
-    ThroughFlowConfig config, DataFlow::ParameterNode p, ReturnNodeExt returnNodeExt, string input,
-    string output
+    ThroughFlowConfig config, DataFlow::ParameterNode p,
+    DataFlowImplCommon::ReturnNodeExt returnNodeExt, string input, string output
  |
    config.hasFlow(p, returnNodeExt) and
    returnNodeExt.getEnclosingCallable() = api and
@@ -108,11 +108,11 @@ string captureThroughFlow(TargetApi api) {
 private class FromSourceConfiguration extends TaintTracking::Configuration {
  FromSourceConfiguration() { this = "FromSourceConfiguration" }

-  override predicate isSource(DataFlow::Node source) { sourceNode(source, _) }
+  override predicate isSource(DataFlow::Node source) { ExternalFlow::sourceNode(source, _) }

  override predicate isSink(DataFlow::Node sink) {
    exists(TargetApi c |
-      sink instanceof ReturnNodeExt and
+      sink instanceof DataFlowImplCommon::ReturnNodeExt and
      sink.getEnclosingCallable() = c
    )
  }
@@ -132,7 +132,7 @@ private class FromSourceConfiguration extends TaintTracking::Configuration {
 string captureSource(TargetApi api) {
  exists(DataFlow::Node source, DataFlow::Node sink, FromSourceConfiguration config, string kind |
    config.hasFlow(source, sink) and
-    sourceNode(source, kind) and
+    ExternalFlow::sourceNode(source, kind) and
    api = sink.getEnclosingCallable() and
    result = asSourceModel(api, returnNodeAsOutput(sink), kind)
  )
@@ -148,7 +148,7 @@ string captureSource(TargetApi api) {
 private class PropagateToSinkConfiguration extends PropagateToSinkConfigurationSpecific {
  PropagateToSinkConfiguration() { this = "parameters or fields flowing into sinks" }

-  override predicate isSink(DataFlow::Node sink) { sinkNode(sink, _) }
+  override predicate isSink(DataFlow::Node sink) { ExternalFlow::sinkNode(sink, _) }

  override DataFlow::FlowFeature getAFeature() {
    result instanceof DataFlow::FeatureHasSourceCallContext
@@ -161,7 +161,7 @@ private class PropagateToSinkConfiguration extends PropagateToSinkConfigurationS
 string captureSink(TargetApi api) {
  exists(DataFlow::Node src, DataFlow::Node sink, PropagateToSinkConfiguration config, string kind |
    config.hasFlow(src, sink) and
-    sinkNode(sink, kind) and
+    ExternalFlow::sinkNode(sink, kind) and
    api = src.getEnclosingCallable() and
    not kind = "logging" and
    result = asSinkModel(api, asInputArgument(src), kind)
--- a/java/ql/src/utils/model-generator/internal/CaptureModelsSpecific.qll
+++ b/java/ql/src/utils/model-generator/internal/CaptureModelsSpecific.qll
@@ -3,9 +3,9 @@
 */

 import java
-import semmle.code.java.dataflow.ExternalFlow
+private import semmle.code.java.dataflow.ExternalFlow as Ef
 import semmle.code.java.dataflow.TaintTracking
-import semmle.code.java.dataflow.internal.DataFlowImplCommon
+private import semmle.code.java.dataflow.internal.DataFlowImplCommon as Dfic
 import semmle.code.java.dataflow.internal.DataFlowNodes
 import semmle.code.java.dataflow.internal.DataFlowPrivate
 import semmle.code.java.dataflow.InstanceAccess
@@ -14,8 +14,8 @@ import ModelGeneratorUtils
 /**
 * Gets the enclosing callable of `ret`.
 */
-Callable returnNodeEnclosingCallable(ReturnNodeExt ret) {
-  result = getNodeEnclosingCallable(ret).asCallable()
+Callable returnNodeEnclosingCallable(Dfic::ReturnNodeExt ret) {
+  result = Dfic::getNodeEnclosingCallable(ret).asCallable()
 }

 /**
@@ -60,3 +60,17 @@ string asInputArgument(DataFlow::Node source) {
  source.asExpr() instanceof FieldAccess and
  result = qualifierString()
 }
+
+module DataFlowImplCommon {
+  predicate store = Dfic::store/4;
+
+  class ReturnNodeExt = Dfic::ReturnNodeExt;
+
+  class TypedContent = Dfic::TypedContent;
+}
+
+module ExternalFlow {
+  predicate sourceNode = Ef::sourceNode/2;
+
+  predicate sinkNode = Ef::sinkNode/2;
+}